You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@accumulo.apache.org by vi...@apache.org on 2014/01/30 22:57:16 UTC
[1/9] git commit: Revert "ACCUMULO-2096 Clean up the security RW
tests."
Updated Branches:
refs/heads/1.6.0-SNAPSHOT 49457839a -> 2611cba3b
Revert "ACCUMULO-2096 Clean up the security RW tests."
This reverts commit 9f59c0022777fc86d0b269d064bcc898b27c9b23.
Conflicts:
test/src/main/java/org/apache/accumulo/test/randomwalk/security/Validate.java
Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/cba77ea2
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/cba77ea2
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/cba77ea2
Branch: refs/heads/1.6.0-SNAPSHOT
Commit: cba77ea28c5b34a9389ffb2aa2a0e402b367b3f1
Parents: 4945783
Author: John Vines <vi...@apache.org>
Authored: Thu Jan 30 11:28:38 2014 -0500
Committer: John Vines <vi...@apache.org>
Committed: Thu Jan 30 11:28:38 2014 -0500
----------------------------------------------------------------------
.../test/randomwalk/security/AlterTable.java | 26 +----------
.../randomwalk/security/AlterTablePerm.java | 45 ++++++--------------
.../test/randomwalk/security/ChangePass.java | 2 +-
.../test/randomwalk/security/DropTable.java | 21 +--------
.../test/randomwalk/security/TableOp.java | 3 +-
5 files changed, 18 insertions(+), 79 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/accumulo/blob/cba77ea2/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTable.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTable.java b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTable.java
index 91f5ba8..b2c4c87 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTable.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTable.java
@@ -17,7 +17,6 @@
package org.apache.accumulo.test.randomwalk.security;
import java.net.InetAddress;
-import java.util.Map;
import java.util.Properties;
import org.apache.accumulo.core.client.AccumuloException;
@@ -28,10 +27,8 @@ import org.apache.accumulo.core.client.TableNotFoundException;
import org.apache.accumulo.core.client.security.SecurityErrorCode;
import org.apache.accumulo.test.randomwalk.State;
import org.apache.accumulo.test.randomwalk.Test;
-import org.apache.log4j.Logger;
public class AlterTable extends Test {
- private static final Logger log = Logger.getLogger(AlterTable.class);
@Override
public void visit(State state, Properties props) throws Exception {
@@ -39,33 +36,12 @@ public class AlterTable extends Test {
String tableName = WalkingSecurity.get(state).getTableName();
- Map<String,String> nameToId = conn.tableOperations().tableIdMap();
- String tableId = nameToId.get(tableName);
-
boolean exists = WalkingSecurity.get(state).getTableExists();
-
- if ((null == tableId && exists) || (null != tableId && !exists)) {
- log.error("For table " + tableName + ": found table ID " + tableId + " and " + (exists ? "expect" : "did not expect") + " it to exist");
- throw new TableNotFoundException(null, tableName, "Could not find table ID when it should exist");
- }
-
- boolean hasPermission;
- try {
- hasPermission = WalkingSecurity.get(state).canAlterTable(WalkingSecurity.get(state).getSysCredentials(), tableId);
- } catch (Exception e) {
- if (!exists) {
- log.debug("Ignoring exception when trying to alter non-existent table", e);
- return;
- }
-
- throw e;
- }
-
+ boolean hasPermission = WalkingSecurity.get(state).canAlterTable(WalkingSecurity.get(state).getSysCredentials(), tableName);
String newTableName = String.format("security_%s_%s_%d", InetAddress.getLocalHost().getHostName().replaceAll("[-.]", "_"), state.getPid(),
System.currentTimeMillis());
renameTable(conn, state, tableName, newTableName, hasPermission, exists);
-
}
public static void renameTable(Connector conn, State state, String oldName, String newName, boolean hasPermission, boolean tableExists)
http://git-wip-us.apache.org/repos/asf/accumulo/blob/cba77ea2/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTablePerm.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTablePerm.java b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTablePerm.java
index 4bd0d64..bad7b28 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTablePerm.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTablePerm.java
@@ -27,32 +27,30 @@ import org.apache.accumulo.core.security.Credentials;
import org.apache.accumulo.core.security.TablePermission;
import org.apache.accumulo.test.randomwalk.State;
import org.apache.accumulo.test.randomwalk.Test;
-import org.apache.log4j.Logger;
public class AlterTablePerm extends Test {
- private static final Logger log = Logger.getLogger(AlterTablePerm.class);
-
+
@Override
public void visit(State state, Properties props) throws Exception {
alter(state, props);
}
-
+
public static void alter(State state, Properties props) throws Exception {
String action = props.getProperty("task", "toggle");
String perm = props.getProperty("perm", "random");
String sourceUserProp = props.getProperty("source", "system");
String targetUser = props.getProperty("target", "table");
boolean tabExists = WalkingSecurity.get(state).getTableExists();
-
+
String target;
if ("table".equals(targetUser))
target = WalkingSecurity.get(state).getTabUserName();
else
target = WalkingSecurity.get(state).getSysUserName();
-
+
boolean exists = WalkingSecurity.get(state).userExists(target);
boolean tableExists = WalkingSecurity.get(state).getTableExists();
-
+
TablePermission tabPerm;
if (perm.equals("random")) {
Random r = new Random();
@@ -76,25 +74,10 @@ public class AlterTablePerm extends Test {
sourceToken = state.getToken();
}
Connector conn = state.getInstance().getConnector(sourceUser, sourceToken);
- String tableId = conn.tableOperations().tableIdMap().get(tableName);
-
- // Make sure we get an ID when we can
- if ((null == tableId && tableExists) || (null != tableId && !tableExists)) {
- log.error("For table " + tableName + ": found table ID " + tableId + " and we " + (exists ? "expect" : "did not expect") + " it to exist");
- throw new AccumuloException("Could not find table ID for " + tableName + " but it should have existed");
- }
-
- try {
- canGive = WalkingSecurity.get(state).canGrantTable(new Credentials(sourceUser, sourceToken).toThrift(state.getInstance()), target, tableId);
- } catch (Exception e) {
- if (!tableExists) {
- log.debug("Ignoring exception checking permission on non-existent table", e);
- return;
- }
-
- throw e;
- }
-
+
+ canGive = WalkingSecurity.get(state).canGrantTable(new Credentials(sourceUser, sourceToken).toThrift(state.getInstance()), target,
+ WalkingSecurity.get(state).getTableName());
+
// toggle
if (!"take".equals(action) && !"give".equals(action)) {
try {
@@ -102,7 +85,7 @@ public class AlterTablePerm extends Test {
if (hasPerm != (res = state.getConnector().securityOperations().hasTablePermission(target, tableName, tabPerm)))
throw new AccumuloException("Test framework and accumulo are out of sync for user " + conn.whoami() + " for perm " + tabPerm.name()
+ " with local vs. accumulo being " + hasPerm + " " + res);
-
+
if (hasPerm)
action = "take";
else
@@ -124,7 +107,7 @@ public class AlterTablePerm extends Test {
}
}
}
-
+
boolean trans = WalkingSecurity.get(state).userPassTransient(conn.whoami());
if ("take".equals(action)) {
try {
@@ -183,14 +166,14 @@ public class AlterTablePerm extends Test {
}
WalkingSecurity.get(state).grantTablePermission(target, tableName, tabPerm);
}
-
+
if (!exists)
throw new AccumuloException("User shouldn't have existed, but apparantly does");
if (!tableExists)
throw new AccumuloException("Table shouldn't have existed, but apparantly does");
if (!canGive)
throw new AccumuloException(conn.whoami() + " shouldn't have been able to grant privilege");
-
+
}
-
+
}
http://git-wip-us.apache.org/repos/asf/accumulo/blob/cba77ea2/test/src/main/java/org/apache/accumulo/test/randomwalk/security/ChangePass.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/ChangePass.java b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/ChangePass.java
index 6287d6a..439e724 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/ChangePass.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/ChangePass.java
@@ -85,7 +85,7 @@ public class ChangePass extends Test {
}
}
WalkingSecurity.get(state).changePassword(target, newPass);
- // Waiting 1 second for password to propagate through Zk
+ // Waiting 1 second for password to propogate through Zk
Thread.sleep(1000);
if (!hasPerm)
throw new AccumuloException("Password change succeeded when it should have failed for " + source + " changing the password for " + target + ".");
http://git-wip-us.apache.org/repos/asf/accumulo/blob/cba77ea2/test/src/main/java/org/apache/accumulo/test/randomwalk/security/DropTable.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/DropTable.java b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/DropTable.java
index 4dc25ea..52b6e25 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/DropTable.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/DropTable.java
@@ -28,10 +28,8 @@ import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
import org.apache.accumulo.core.security.Credentials;
import org.apache.accumulo.test.randomwalk.State;
import org.apache.accumulo.test.randomwalk.Test;
-import org.apache.log4j.Logger;
public class DropTable extends Test {
- private static final Logger log = Logger.getLogger(DropTable.class);
@Override
public void visit(State state, Properties props) throws Exception {
@@ -52,26 +50,9 @@ public class DropTable extends Test {
Connector conn = state.getInstance().getConnector(principal, token);
String tableName = WalkingSecurity.get(state).getTableName();
- String tableId = conn.tableOperations().tableIdMap().get(tableName);
boolean exists = WalkingSecurity.get(state).getTableExists();
-
- if ((null == tableId && exists) || (null != tableId && !exists)) {
- log.error("For table " + tableName + ": found table ID " + tableId + " and " + (exists ? "expect" : "did not expect") + " it to exist");
- throw new AccumuloException("Test and Accumulo state differ on " + tableName + " existence.");
- }
-
- boolean hasPermission;
- try {
- hasPermission = WalkingSecurity.get(state).canDeleteTable(new Credentials(principal, token).toThrift(state.getInstance()), tableId);
- } catch (Exception e) {
- if (!exists) {
- log.error("Ignoring exception checking permissions on non-existent table", e);
- return;
- }
-
- throw e;
- }
+ boolean hasPermission = WalkingSecurity.get(state).canDeleteTable(new Credentials(principal, token).toThrift(state.getInstance()), tableName);
try {
conn.tableOperations().delete(tableName);
http://git-wip-us.apache.org/repos/asf/accumulo/blob/cba77ea2/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
index 7199322..347be89 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
@@ -75,14 +75,13 @@ public class TableOp extends Test {
switch (tp) {
case READ: {
+ boolean canRead = WalkingSecurity.get(state).canScan(WalkingSecurity.get(state).getTabCredentials(), tableId);
Authorizations auths = WalkingSecurity.get(state).getUserAuthorizations(WalkingSecurity.get(state).getTabCredentials());
boolean ambiguousZone = WalkingSecurity.get(state).inAmbiguousZone(conn.whoami(), tp);
boolean ambiguousAuths = WalkingSecurity.get(state).ambiguousAuthorizations(conn.whoami());
Scanner scan = null;
- boolean canRead = false;
try {
- canRead = WalkingSecurity.get(state).canScan(WalkingSecurity.get(state).getTabCredentials(), tableId);
scan = conn.createScanner(tableName, conn.securityOperations().getUserAuthorizations(conn.whoami()));
int seen = 0;
Iterator<Entry<Key,Value>> iter = scan.iterator();
[2/9] git commit: Revert "ACCUMULO-2087 ACCUMULO-2086 Fixing
formatting."
Posted by vi...@apache.org.
Revert "ACCUMULO-2087 ACCUMULO-2086 Fixing formatting."
This reverts commit 0d294ad64ed5a12c44e1c33bc5561897e3aef512.
Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/12aa01e9
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/12aa01e9
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/12aa01e9
Branch: refs/heads/1.6.0-SNAPSHOT
Commit: 12aa01e9a26d077a0a131590932b0cb2fc4783fb
Parents: cba77ea
Author: John Vines <vi...@apache.org>
Authored: Thu Jan 30 11:29:03 2014 -0500
Committer: John Vines <vi...@apache.org>
Committed: Thu Jan 30 11:29:03 2014 -0500
----------------------------------------------------------------------
.../accumulo/core/client/impl/Tables.java | 16 +++++------
.../test/randomwalk/security/TableOp.java | 28 ++++++++++----------
2 files changed, 20 insertions(+), 24 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/accumulo/blob/12aa01e9/core/src/main/java/org/apache/accumulo/core/client/impl/Tables.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/client/impl/Tables.java b/core/src/main/java/org/apache/accumulo/core/client/impl/Tables.java
index 215f381..bed4234 100644
--- a/core/src/main/java/org/apache/accumulo/core/client/impl/Tables.java
+++ b/core/src/main/java/org/apache/accumulo/core/client/impl/Tables.java
@@ -287,26 +287,22 @@ public class Tables {
/**
* Returns the namespace for a given table ID.
- *
- * @param instance
- * The Accumulo Instance
- * @param tableId
- * The tableId
+ * @param instance The Accumulo Instance
+ * @param tableId The tableId
* @return The namespace which this table resides in.
- * @throws IllegalArgumentException
- * if the table doesn't exist in ZooKeeper
+ * @throws IllegalArgumentException if the table doesn't exist in ZooKeeper
*/
public static String getNamespace(Instance instance, String tableId) throws IllegalArgumentException {
ArgumentChecker.notNull(instance, tableId);
-
+
ZooCache zc = getZooCache(instance);
byte[] n = zc.get(ZooUtil.getRoot(instance) + Constants.ZTABLES + "/" + tableId + Constants.ZTABLE_NAMESPACE);
-
+
// We might get null out of ZooCache if this tableID doesn't exist
if (null == n) {
throw new IllegalArgumentException("Table with id " + tableId + " does not exist");
}
-
+
return new String(n, Constants.UTF8);
}
http://git-wip-us.apache.org/repos/asf/accumulo/blob/12aa01e9/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
index 347be89..0215365 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
@@ -50,11 +50,11 @@ import org.apache.hadoop.fs.Path;
import org.apache.hadoop.io.Text;
public class TableOp extends Test {
-
+
@Override
public void visit(State state, Properties props) throws Exception {
Connector conn = state.getInstance().getConnector(WalkingSecurity.get(state).getTabUserName(), WalkingSecurity.get(state).getTabToken());
-
+
String action = props.getProperty("action", "_random");
TablePermission tp;
if ("_random".equalsIgnoreCase(action)) {
@@ -63,23 +63,23 @@ public class TableOp extends Test {
} else {
tp = TablePermission.valueOf(action);
}
-
+
final boolean tableExists = WalkingSecurity.get(state).getTableExists();
final String tableName = WalkingSecurity.get(state).getTableName();
final String tableId = conn.tableOperations().tableIdMap().get(tableName);
-
+
if (null == tableId) {
log.error("Could not determine tableID from name " + tableName);
return;
}
-
+
switch (tp) {
case READ: {
boolean canRead = WalkingSecurity.get(state).canScan(WalkingSecurity.get(state).getTabCredentials(), tableId);
Authorizations auths = WalkingSecurity.get(state).getUserAuthorizations(WalkingSecurity.get(state).getTabCredentials());
boolean ambiguousZone = WalkingSecurity.get(state).inAmbiguousZone(conn.whoami(), tp);
boolean ambiguousAuths = WalkingSecurity.get(state).ambiguousAuthorizations(conn.whoami());
-
+
Scanner scan = null;
try {
scan = conn.createScanner(tableName, conn.securityOperations().getUserAuthorizations(conn.whoami()));
@@ -133,22 +133,22 @@ public class TableOp extends Test {
else
throw new AccumuloException("Mismatched authorizations! ", re.getCause());
}
-
+
throw new AccumuloException("Unexpected exception!", re);
} finally {
if (scan != null) {
scan.close();
scan = null;
}
-
+
}
-
+
break;
}
case WRITE:
boolean canWrite = WalkingSecurity.get(state).canWrite(WalkingSecurity.get(state).getTabCredentials(), tableId);
boolean ambiguousZone = WalkingSecurity.get(state).inAmbiguousZone(conn.whoami(), tp);
-
+
String key = WalkingSecurity.get(state).getLastKey() + "1";
Mutation m = new Mutation(new Text(key));
for (String s : WalkingSecurity.get(state).getAuthsArray()) {
@@ -172,7 +172,7 @@ public class TableOp extends Test {
// For now, just wait a second and go again if they can write!
if (!canWrite)
return;
-
+
if (ambiguousZone) {
Thread.sleep(1000);
try {
@@ -233,7 +233,7 @@ public class TableOp extends Test {
WalkingSecurity.get(state).increaseAuthMap(s, 1);
fs.delete(dir, true);
fs.delete(fail, true);
-
+
if (!WalkingSecurity.get(state).canBulkImport(WalkingSecurity.get(state).getTabCredentials(), tableId))
throw new AccumuloException("Bulk Import succeeded when it should have failed: " + dir + " table " + tableName);
break;
@@ -241,7 +241,7 @@ public class TableOp extends Test {
AlterTable.renameTable(conn, state, tableName, tableName + "plus",
WalkingSecurity.get(state).canAlterTable(WalkingSecurity.get(state).getTabCredentials(), tableId), tableExists);
break;
-
+
case GRANT:
props.setProperty("task", "grant");
props.setProperty("perm", "random");
@@ -249,7 +249,7 @@ public class TableOp extends Test {
props.setProperty("target", "system");
AlterTablePerm.alter(state, props);
break;
-
+
case DROP_TABLE:
props.setProperty("source", "table");
DropTable.dropTable(state, props);
[8/9] git commit: ACCUMULO-2086 ACCUMULO-2096 ACCUMULO-2286 Some more
initial namespace support
Posted by vi...@apache.org.
ACCUMULO-2086 ACCUMULO-2096 ACCUMULO-2286 Some more initial namespace support
Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/3d8a1161
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/3d8a1161
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/3d8a1161
Branch: refs/heads/1.6.0-SNAPSHOT
Commit: 3d8a1161e88b613e48b23e16cca12699d0ba0bf7
Parents: 939a4f9
Author: John Vines <vi...@apache.org>
Authored: Thu Jan 30 16:51:59 2014 -0500
Committer: John Vines <vi...@apache.org>
Committed: Thu Jan 30 16:51:59 2014 -0500
----------------------------------------------------------------------
.../accumulo/test/randomwalk/security/SecurityFixture.java | 7 +++++++
.../accumulo/test/randomwalk/security/WalkingSecurity.java | 5 +++++
2 files changed, 12 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/accumulo/blob/3d8a1161/test/src/main/java/org/apache/accumulo/test/randomwalk/security/SecurityFixture.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/SecurityFixture.java b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/SecurityFixture.java
index 8841355..30f12fb 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/SecurityFixture.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/SecurityFixture.java
@@ -87,6 +87,13 @@ public class SecurityFixture extends Fixture {
conn.tableOperations().delete(secTableName);
}
+ if (WalkingSecurity.get(state).getNamespaceExists()) {
+ String secNamespaceName = WalkingSecurity.get(state).getNamespaceName();
+ log.debug("Dropping namespace: " + secNamespaceName);
+
+ conn.namespaceOperations().delete(secNamespaceName);
+ }
+
if (WalkingSecurity.get(state).userExists(WalkingSecurity.get(state).getTabUserName())) {
String tableUserName = WalkingSecurity.get(state).getTabUserName();
log.debug("Dropping user: " + tableUserName);
http://git-wip-us.apache.org/repos/asf/accumulo/blob/3d8a1161/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java
index 37bb364..fc53d01 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java
@@ -88,6 +88,7 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor, Au
if (instance == null || instance.state != state) {
instance = new WalkingSecurity(state);
state.set(tableExists, Boolean.toString(false));
+ state.set(namespaceExists, Boolean.toString(false));
state.set(authsMap, new HashMap<String,Integer>());
}
@@ -344,6 +345,10 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor, Au
return Boolean.parseBoolean(state.getString(tableExists));
}
+ public boolean getNamespaceExists() {
+ return Boolean.parseBoolean(state.getString(namespaceExists));
+ }
+
public TCredentials getSysCredentials() {
return new Credentials(getSysUserName(), getSysToken()).toThrift(this.state.getInstance());
}
[4/9] git commit: ACCUMULO-1479 Simplification of namespace support
in SecurityOperation
Posted by vi...@apache.org.
ACCUMULO-1479 Simplification of namespace support in SecurityOperation
Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/b80e1a4f
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/b80e1a4f
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/b80e1a4f
Branch: refs/heads/1.6.0-SNAPSHOT
Commit: b80e1a4f9c9b180c9862964a9042b9ad70e1d9e7
Parents: ca6c82b
Author: John Vines <vi...@apache.org>
Authored: Tue Jan 28 16:26:08 2014 -0500
Committer: John Vines <vi...@apache.org>
Committed: Thu Jan 30 11:51:32 2014 -0500
----------------------------------------------------------------------
.../core/security/NamespacePermission.java | 67 +++++--
.../security/AuditedSecurityOperation.java | 4 +-
.../server/security/SecurityOperation.java | 177 ++++++++-----------
.../accumulo/master/FateServiceHandler.java | 12 +-
.../accumulo/master/tableOps/CreateTable.java | 8 +-
.../test/randomwalk/security/CreateTable.java | 2 +-
.../org/apache/accumulo/test/NamespacesIT.java | 3 +-
7 files changed, 149 insertions(+), 124 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/accumulo/blob/b80e1a4f/core/src/main/java/org/apache/accumulo/core/security/NamespacePermission.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/security/NamespacePermission.java b/core/src/main/java/org/apache/accumulo/core/security/NamespacePermission.java
index 1066bc4..f9f7564 100644
--- a/core/src/main/java/org/apache/accumulo/core/security/NamespacePermission.java
+++ b/core/src/main/java/org/apache/accumulo/core/security/NamespacePermission.java
@@ -23,21 +23,20 @@ import java.util.List;
* Accumulo namespace permissions. Each permission has an associated byte ID.
*/
public enum NamespacePermission {
- /*
- * One may add new permissions, but new permissions must use new numbers.
- * Current numbers in use must not be changed.
- */
+ // One may add new permissions, but new permissions must use new numbers. Current numbers in use must not be changed.
READ((byte) 0),
WRITE((byte) 1),
ALTER_NAMESPACE((byte) 2),
GRANT((byte) 3),
ALTER_TABLE((byte) 4),
CREATE_TABLE((byte) 5),
- DROP_TABLE((byte) 6);
+ DROP_TABLE((byte) 6),
+ BULK_IMPORT((byte) 7),
+ DROP_NAMESPACE((byte) 8);
final private byte permID;
- final private static NamespacePermission mapping[] = new NamespacePermission[8];
+ final private static NamespacePermission mapping[] = new NamespacePermission[9];
static {
for (NamespacePermission perm : NamespacePermission.values())
mapping[perm.permID] = perm;
@@ -49,7 +48,7 @@ public enum NamespacePermission {
/**
* Gets the byte ID of this permission.
- *
+ *
* @return byte ID
*/
public byte getId() {
@@ -58,7 +57,7 @@ public enum NamespacePermission {
/**
* Returns a list of printable permission values.
- *
+ *
* @return list of namespace permission values, as "Namespace." + permission name
*/
public static List<String> printableValues() {
@@ -74,10 +73,12 @@ public enum NamespacePermission {
/**
* Gets the permission matching the given byte ID.
- *
- * @param id byte ID
+ *
+ * @param id
+ * byte ID
* @return system permission
- * @throws IndexOutOfBoundsException if the byte ID is invalid
+ * @throws IndexOutOfBoundsException
+ * if the byte ID is invalid
*/
public static NamespacePermission getPermissionById(byte id) {
NamespacePermission result = mapping[id];
@@ -86,4 +87,48 @@ public enum NamespacePermission {
throw new IndexOutOfBoundsException("No such permission");
}
+ public static NamespacePermission getEquivalent(TablePermission permission) {
+ switch (permission) {
+ case READ:
+ return NamespacePermission.READ;
+ case WRITE:
+ return NamespacePermission.WRITE;
+ case ALTER_TABLE:
+ return NamespacePermission.ALTER_TABLE;
+ case GRANT:
+ return NamespacePermission.GRANT;
+ case DROP_TABLE:
+ return NamespacePermission.DROP_TABLE;
+ case BULK_IMPORT:
+ return NamespacePermission.BULK_IMPORT;
+ default:
+ return null;
+ }
+
+ }
+
+ public static NamespacePermission getEquivalent(SystemPermission permission) {
+ switch (permission) {
+ case CREATE_TABLE:
+ return NamespacePermission.CREATE_TABLE;
+ case DROP_TABLE:
+ return NamespacePermission.DROP_TABLE;
+ case ALTER_TABLE:
+ return NamespacePermission.ALTER_TABLE;
+ case ALTER_NAMESPACE:
+ return NamespacePermission.ALTER_NAMESPACE;
+ case DROP_NAMESPACE:
+ return NamespacePermission.DROP_NAMESPACE;
+ case GRANT:
+ return NamespacePermission.ALTER_NAMESPACE;
+ case CREATE_NAMESPACE:
+ case CREATE_USER:
+ case DROP_USER:
+ case ALTER_USER:
+ case SYSTEM:
+ default:
+ return null;
+ }
+ }
+
}
http://git-wip-us.apache.org/repos/asf/accumulo/blob/b80e1a4f/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
----------------------------------------------------------------------
diff --git a/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java b/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
index bbfa71b..07492c6 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
@@ -233,9 +233,9 @@ public class AuditedSecurityOperation extends SecurityOperation {
public static final String CAN_CREATE_TABLE_AUDIT_TEMPLATE = "action: createTable; targetTable: %s;";
@Override
- public boolean canCreateTable(TCredentials c, String tableName) throws ThriftSecurityException {
+ public boolean canCreateTable(TCredentials c, String tableName, String namespaceId) throws ThriftSecurityException {
try {
- boolean result = super.canCreateTable(c, tableName);
+ boolean result = super.canCreateTable(c, tableName, namespaceId);
audit(c, result, CAN_CREATE_TABLE_AUDIT_TEMPLATE, tableName);
return result;
} catch (ThriftSecurityException ex) {
http://git-wip-us.apache.org/repos/asf/accumulo/blob/b80e1a4f/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
----------------------------------------------------------------------
diff --git a/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java b/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
index 4b302f0..ad1fbc0 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
@@ -242,15 +242,41 @@ public class SecurityOperation {
}
}
+ private boolean hasSystemPermission(TCredentials credentials, SystemPermission permission, boolean useCached) throws ThriftSecurityException {
+ return hasSystemPermissionWithNamespaceId(credentials, permission, null, useCached);
+ }
+
+ private boolean hasSystemPermissionWithTableId(TCredentials credentials, SystemPermission permission, String tableId, boolean useCached)
+ throws ThriftSecurityException {
+ if (isSystemUser(credentials))
+ return true;
+ String namespaceId = null;
+ try {
+ namespaceId = Namespaces.getNamespaceId(HdfsZooInstance.getInstance(), Tables.getNamespace(HdfsZooInstance.getInstance(), tableId));
+ } catch (NamespaceNotFoundException nnfe) {
+ // Don't care, we won't pay any attention to namespace permissions
+ }
+
+ return hasSystemPermissionWithNamespaceId(credentials, permission, namespaceId, useCached);
+ }
+
/**
* Checks if a user has a system permission
*
* @return true if a user exists and has permission; false otherwise
*/
- private boolean hasSystemPermission(TCredentials credentials, SystemPermission permission, boolean useCached) throws ThriftSecurityException {
+ private boolean hasSystemPermissionWithNamespaceId(TCredentials credentials, SystemPermission permission, String namespaceId, boolean useCached)
+ throws ThriftSecurityException {
if (isSystemUser(credentials))
return true;
- return _hasSystemPermission(credentials.getPrincipal(), permission, useCached);
+
+ if (_hasSystemPermission(credentials.getPrincipal(), permission, useCached))
+ return true;
+ if (namespaceId != null) {
+ return _hasNamespacePermission(credentials.getPrincipal(), namespaceId, NamespacePermission.getEquivalent(permission), useCached);
+ }
+
+ return false;
}
/**
@@ -282,7 +308,9 @@ public class SecurityOperation {
protected boolean hasTablePermission(TCredentials credentials, String table, TablePermission permission, boolean useCached) throws ThriftSecurityException {
if (isSystemUser(credentials))
return true;
- return _hasTablePermission(credentials.getPrincipal(), table, permission, useCached);
+ return _hasTablePermission(credentials.getPrincipal(), table, permission, useCached)
+ || _hasNamespacePermission(credentials.getPrincipal(), Tables.getNamespace(HdfsZooInstance.getInstance(), table),
+ NamespacePermission.getEquivalent(permission), useCached);
}
/**
@@ -309,51 +337,15 @@ public class SecurityOperation {
}
/**
- * Checks if a user has a namespace permission
- *
- * @return true if a user exists and has permission; false otherwise
- */
- protected boolean hasNamespacePermission(TCredentials credentials, String namespace, NamespacePermission permission, boolean useCached)
- throws ThriftSecurityException {
- if (isSystemUser(credentials))
- return true;
- return _hasNamespacePermission(credentials.getPrincipal(), namespace, permission, useCached);
- }
-
- /**
- * Checks if a user has a namespace permission given a tableId
- *
- * @return true if a user exists and has permission; false otherwise
- */
- protected boolean hasNamespacePermissionForTableId(TCredentials credentials, String tableId, NamespacePermission permission, boolean useCached)
- throws ThriftSecurityException {
- String namespace = Tables.getNamespace(HdfsZooInstance.getInstance(), tableId);
- return hasNamespacePermission(credentials, namespace, permission, useCached);
- }
-
- /**
- * Checks if a user has a namespace permission given a tableName
- *
- * @return true if a user exists and has permission; false otherwise
- */
- protected boolean hasNamespacePermissionForTableName(TCredentials credentials, String tableName, NamespacePermission permission, boolean useCached)
- throws ThriftSecurityException {
- String namespace = Tables.qualify(tableName).getFirst();
- try {
- String namespaceId = Namespaces.getNamespaceId(HdfsZooInstance.getInstance(), namespace);
- return hasNamespacePermission(credentials, namespaceId, permission, useCached);
- } catch (NamespaceNotFoundException e) {
- throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.NAMESPACE_DOESNT_EXIST);
- }
- }
-
- /**
* Checks if a user has a namespace permission<br/>
* This cannot check if a system user has permission.
*
* @return true if a user exists and has permission; false otherwise
*/
protected boolean _hasNamespacePermission(String user, String namespace, NamespacePermission permission, boolean useCached) throws ThriftSecurityException {
+ if (permission == null)
+ return false;
+
targetUserExists(user);
if (namespace.equals(Namespaces.ACCUMULO_NAMESPACE_ID) && permission.equals(NamespacePermission.READ))
@@ -391,8 +383,7 @@ public class SecurityOperation {
public boolean canScan(TCredentials credentials, String table) throws ThriftSecurityException {
authenticate(credentials);
- return hasTablePermission(credentials, table, TablePermission.READ, true)
- || hasNamespacePermissionForTableId(credentials, table, NamespacePermission.READ, true);
+ return hasTablePermission(credentials, table, TablePermission.READ, true);
}
public boolean canScan(TCredentials credentials, String table, TRange range, List<TColumn> columns, List<IterInfo> ssiList,
@@ -407,25 +398,21 @@ public class SecurityOperation {
public boolean canWrite(TCredentials credentials, String table) throws ThriftSecurityException {
authenticate(credentials);
- return hasTablePermission(credentials, table, TablePermission.WRITE, true)
- || hasNamespacePermissionForTableId(credentials, table, NamespacePermission.WRITE, true);
+ return hasTablePermission(credentials, table, TablePermission.WRITE, true);
}
public boolean canConditionallyUpdate(TCredentials credentials, String tableID, List<ByteBuffer> authorizations) throws ThriftSecurityException {
authenticate(credentials);
- return (hasTablePermission(credentials, tableID, TablePermission.WRITE, true) || hasNamespacePermissionForTableId(credentials, tableID,
- NamespacePermission.WRITE, true))
- && (hasTablePermission(credentials, tableID, TablePermission.READ, true) || hasNamespacePermissionForTableId(credentials, tableID,
- NamespacePermission.READ, true));
+ return hasTablePermission(credentials, tableID, TablePermission.WRITE, true) && hasTablePermission(credentials, tableID, TablePermission.READ, true);
}
- public boolean canSplitTablet(TCredentials credentials, String table) throws ThriftSecurityException {
+ public boolean canSplitTablet(TCredentials credentials, String tableId) throws ThriftSecurityException {
authenticate(credentials);
- return hasSystemPermission(credentials, SystemPermission.ALTER_TABLE, false) || hasSystemPermission(credentials, SystemPermission.SYSTEM, false)
- || hasTablePermission(credentials, table, TablePermission.ALTER_TABLE, false)
- || hasNamespacePermissionForTableId(credentials, table, NamespacePermission.ALTER_TABLE, false);
+ return hasSystemPermissionWithTableId(credentials, SystemPermission.ALTER_TABLE, tableId, false)
+ || hasSystemPermissionWithTableId(credentials, SystemPermission.SYSTEM, tableId, false)
+ || hasTablePermission(credentials, tableId, TablePermission.ALTER_TABLE, false);
}
/**
@@ -438,64 +425,53 @@ public class SecurityOperation {
public boolean canFlush(TCredentials c, String tableId) throws ThriftSecurityException {
authenticate(c);
- return hasTablePermission(c, tableId, TablePermission.WRITE, false) || hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false)
- || hasNamespacePermissionForTableId(c, tableId, NamespacePermission.ALTER_TABLE, false)
- || hasNamespacePermissionForTableId(c, tableId, NamespacePermission.WRITE, false);
+ return hasTablePermission(c, tableId, TablePermission.WRITE, false) || hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false);
}
public boolean canAlterTable(TCredentials c, String tableId) throws ThriftSecurityException {
authenticate(c);
- return hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false) || hasSystemPermission(c, SystemPermission.ALTER_TABLE, false)
- || hasNamespacePermissionForTableId(c, tableId, NamespacePermission.ALTER_TABLE, false);
+ return hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false)
+ || hasSystemPermissionWithTableId(c, SystemPermission.ALTER_TABLE, tableId, false);
}
- public boolean canCreateTable(TCredentials c, String tableName) throws ThriftSecurityException {
+ public boolean canCreateTable(TCredentials c, String table, String namespaceId) throws ThriftSecurityException {
authenticate(c);
- return hasNamespacePermissionForTableName(c, tableName, NamespacePermission.CREATE_TABLE, false) || canCreateTable(c);
- }
-
- public boolean canCreateTable(TCredentials c) throws ThriftSecurityException {
- authenticate(c);
- return hasSystemPermission(c, SystemPermission.CREATE_TABLE, false);
+ return hasSystemPermissionWithNamespaceId(c, SystemPermission.CREATE_TABLE, namespaceId, false);
}
public boolean canRenameTable(TCredentials c, String tableId, String oldTableName, String newTableName) throws ThriftSecurityException {
authenticate(c);
- return hasSystemPermission(c, SystemPermission.ALTER_TABLE, false) || hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false)
- || hasNamespacePermissionForTableId(c, tableId, NamespacePermission.ALTER_TABLE, false);
+ return hasSystemPermissionWithTableId(c, SystemPermission.ALTER_TABLE, tableId, false)
+ || hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false);
}
public boolean canCloneTable(TCredentials c, String tableId, String tableName) throws ThriftSecurityException {
authenticate(c);
- return (hasSystemPermission(c, SystemPermission.CREATE_TABLE, false) || hasNamespacePermissionForTableName(c, tableName, NamespacePermission.CREATE_TABLE,
- false))
- && (hasTablePermission(c, tableId, TablePermission.READ, false) || hasNamespacePermissionForTableId(c, tableId, NamespacePermission.READ, false));
+ return hasSystemPermissionWithTableId(c, SystemPermission.CREATE_TABLE, tableId, false) && hasTablePermission(c, tableId, TablePermission.READ, false);
}
public boolean canDeleteTable(TCredentials c, String tableId) throws ThriftSecurityException {
authenticate(c);
- return hasSystemPermission(c, SystemPermission.DROP_TABLE, false) || hasTablePermission(c, tableId, TablePermission.DROP_TABLE, false)
- || hasNamespacePermissionForTableId(c, tableId, NamespacePermission.DROP_TABLE, false);
+ return hasSystemPermissionWithTableId(c, SystemPermission.DROP_TABLE, tableId, false) || hasTablePermission(c, tableId, TablePermission.DROP_TABLE, false);
}
public boolean canOnlineOfflineTable(TCredentials c, String tableId, FateOperation op) throws ThriftSecurityException {
authenticate(c);
- return hasSystemPermission(c, SystemPermission.SYSTEM, false) || hasSystemPermission(c, SystemPermission.ALTER_TABLE, false)
- || hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false)
- || hasNamespacePermissionForTableId(c, tableId, NamespacePermission.ALTER_TABLE, false);
+ return hasSystemPermissionWithTableId(c, SystemPermission.SYSTEM, tableId, false)
+ || hasSystemPermissionWithTableId(c, SystemPermission.ALTER_TABLE, tableId, false)
+ || hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false);
}
public boolean canMerge(TCredentials c, String tableId) throws ThriftSecurityException {
authenticate(c);
- return hasSystemPermission(c, SystemPermission.SYSTEM, false) || hasSystemPermission(c, SystemPermission.ALTER_TABLE, false)
- || hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false)
- || hasNamespacePermissionForTableId(c, tableId, NamespacePermission.ALTER_TABLE, false);
+ return hasSystemPermissionWithTableId(c, SystemPermission.SYSTEM, tableId, false)
+ || hasSystemPermissionWithTableId(c, SystemPermission.ALTER_TABLE, tableId, false)
+ || hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false);
}
public boolean canDeleteRange(TCredentials c, String tableId, String tableName, Text startRow, Text endRow) throws ThriftSecurityException {
authenticate(c);
- return hasSystemPermission(c, SystemPermission.SYSTEM, false) || hasTablePermission(c, tableId, TablePermission.WRITE, false)
- || hasNamespacePermissionForTableId(c, tableId, NamespacePermission.WRITE, false);
+ return hasSystemPermissionWithTableId(c, SystemPermission.SYSTEM, tableId, false) || hasTablePermission(c, tableId, TablePermission.WRITE, false);
}
public boolean canBulkImport(TCredentials c, String tableId, String tableName, String dir, String failDir) throws ThriftSecurityException {
@@ -509,9 +485,8 @@ public class SecurityOperation {
public boolean canCompact(TCredentials c, String tableId) throws ThriftSecurityException {
authenticate(c);
- return hasSystemPermission(c, SystemPermission.ALTER_TABLE, false) || hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false)
- || hasTablePermission(c, tableId, TablePermission.WRITE, false) || hasNamespacePermissionForTableId(c, tableId, NamespacePermission.ALTER_TABLE, false)
- || hasNamespacePermissionForTableId(c, tableId, NamespacePermission.WRITE, false);
+ return hasSystemPermissionWithTableId(c, SystemPermission.ALTER_TABLE, tableId, false)
+ || hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false) || hasTablePermission(c, tableId, TablePermission.WRITE, false);
}
public boolean canChangeAuthorizations(TCredentials c, String user) throws ThriftSecurityException {
@@ -546,13 +521,21 @@ public class SecurityOperation {
public boolean canGrantTable(TCredentials c, String user, String table) throws ThriftSecurityException {
authenticate(c);
- return hasSystemPermission(c, SystemPermission.ALTER_TABLE, false) || hasTablePermission(c, table, TablePermission.GRANT, false)
- || hasNamespacePermissionForTableId(c, table, NamespacePermission.ALTER_TABLE, false);
+ return hasSystemPermissionWithTableId(c, SystemPermission.ALTER_TABLE, table, false) || hasTablePermission(c, table, TablePermission.GRANT, false);
}
public boolean canGrantNamespace(TCredentials c, String user, String namespace) throws ThriftSecurityException {
+ return canModifyNamespacePermission(c, user, namespace);
+ }
+
+ private boolean canModifyNamespacePermission(TCredentials c, String user, String namespace) throws ThriftSecurityException {
authenticate(c);
- return hasSystemPermission(c, SystemPermission.ALTER_NAMESPACE, false) || hasNamespacePermission(c, namespace, NamespacePermission.GRANT, false);
+ // The one case where Table/SystemPermission -> NamespacePermission breaks down. The alternative is to make SystemPermission.ALTER_NAMESPACE provide
+ // NamespacePermission.GRANT & ALTER_NAMESPACE, but then it would cause some permission checks to succeed with GRANT when they shouldn't
+
+ // This is a bit hackier then I (vines) wanted, but I think this one hackiness makes the overall SecurityOperations more succinct.
+ return hasSystemPermissionWithNamespaceId(c, SystemPermission.ALTER_NAMESPACE, namespace, false)
+ || hasNamespacePermission(c, c.principal, namespace, NamespacePermission.GRANT);
}
public boolean canRevokeSystem(TCredentials c, String user, SystemPermission sysPerm) throws ThriftSecurityException {
@@ -570,13 +553,11 @@ public class SecurityOperation {
public boolean canRevokeTable(TCredentials c, String user, String table) throws ThriftSecurityException {
authenticate(c);
- return hasSystemPermission(c, SystemPermission.ALTER_TABLE, false) || hasTablePermission(c, table, TablePermission.GRANT, false)
- || hasNamespacePermissionForTableId(c, table, NamespacePermission.ALTER_TABLE, false);
+ return hasSystemPermissionWithTableId(c, SystemPermission.ALTER_TABLE, table, false) || hasTablePermission(c, table, TablePermission.GRANT, false);
}
public boolean canRevokeNamespace(TCredentials c, String user, String namespace) throws ThriftSecurityException {
- authenticate(c);
- return hasSystemPermission(c, SystemPermission.ALTER_NAMESPACE, false) || hasNamespacePermission(c, namespace, NamespacePermission.GRANT, false);
+ return canModifyNamespacePermission(c, user, namespace);
}
public void changeAuthorizations(TCredentials credentials, String user, Authorizations authorizations) throws ThriftSecurityException {
@@ -787,20 +768,17 @@ public class SecurityOperation {
public boolean canExport(TCredentials credentials, String tableId, String tableName, String exportDir) throws ThriftSecurityException {
authenticate(credentials);
- return hasTablePermission(credentials, tableId, TablePermission.READ, false)
- || hasNamespacePermissionForTableId(credentials, tableId, NamespacePermission.READ, false);
+ return hasTablePermission(credentials, tableId, TablePermission.READ, false);
}
public boolean canImport(TCredentials credentials, String tableName, String importDir) throws ThriftSecurityException {
authenticate(credentials);
- return hasSystemPermission(credentials, SystemPermission.CREATE_TABLE, false)
- || hasNamespacePermissionForTableName(credentials, tableName, NamespacePermission.CREATE_TABLE, false);
+ return hasSystemPermissionWithNamespaceId(credentials, SystemPermission.CREATE_TABLE, Tables.qualify(tableName).getFirst(), false);
}
public boolean canAlterNamespace(TCredentials credentials, String namespaceId) throws ThriftSecurityException {
authenticate(credentials);
- return hasNamespacePermission(credentials, namespaceId, NamespacePermission.ALTER_NAMESPACE, false)
- || hasSystemPermission(credentials, SystemPermission.ALTER_NAMESPACE, false);
+ return hasSystemPermissionWithNamespaceId(credentials, SystemPermission.ALTER_NAMESPACE, namespaceId, false);
}
public boolean canCreateNamespace(TCredentials credentials, String namespace) throws ThriftSecurityException {
@@ -815,13 +793,12 @@ public class SecurityOperation {
public boolean canDeleteNamespace(TCredentials credentials, String namespaceId) throws ThriftSecurityException {
authenticate(credentials);
- return hasSystemPermission(credentials, SystemPermission.DROP_NAMESPACE, false);
+ return hasSystemPermissionWithNamespaceId(credentials, SystemPermission.DROP_NAMESPACE, namespaceId, false);
}
public boolean canRenameNamespace(TCredentials credentials, String namespaceId, String oldName, String newName) throws ThriftSecurityException {
authenticate(credentials);
- return hasNamespacePermission(credentials, namespaceId, NamespacePermission.ALTER_NAMESPACE, false)
- || hasSystemPermission(credentials, SystemPermission.ALTER_NAMESPACE, false);
+ return hasSystemPermissionWithNamespaceId(credentials, SystemPermission.ALTER_NAMESPACE, namespaceId, false);
}
}
http://git-wip-us.apache.org/repos/asf/accumulo/blob/b80e1a4f/server/master/src/main/java/org/apache/accumulo/master/FateServiceHandler.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/FateServiceHandler.java b/server/master/src/main/java/org/apache/accumulo/master/FateServiceHandler.java
index 3a14ca2..21a35de 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/FateServiceHandler.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/FateServiceHandler.java
@@ -58,6 +58,7 @@ import org.apache.accumulo.master.tableOps.RenameTable;
import org.apache.accumulo.master.tableOps.TableRangeOp;
import org.apache.accumulo.master.tableOps.TraceRepo;
import org.apache.accumulo.server.client.ClientServiceHandler;
+import org.apache.accumulo.server.client.HdfsZooInstance;
import org.apache.accumulo.server.master.state.MergeInfo;
import org.apache.accumulo.server.util.TablePropUtil;
import org.apache.accumulo.trace.thrift.TInfo;
@@ -126,14 +127,19 @@ class FateServiceHandler implements FateService.Iface {
String tableName = validateTableNameArgument(arguments.get(0), tableOp, Tables.NOT_SYSTEM);
TimeType timeType = TimeType.valueOf(ByteBufferUtil.toString(arguments.get(1)));
- if (!master.security.canCreateTable(c, tableName))
- throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
+ String namespaceId;
try {
- master.fate.seedTransaction(opid, new TraceRepo<Master>(new CreateTable(c.getPrincipal(), tableName, timeType, options)), autoCleanup);
+ namespaceId = Namespaces.getNamespaceId(HdfsZooInstance.getInstance(), Tables.qualify(tableName).getFirst());
} catch (NamespaceNotFoundException e) {
throw new ThriftTableOperationException(null, tableName, tableOp, TableOperationExceptionType.NAMESPACE_NOTFOUND, "");
}
+
+ if (!master.security.canCreateTable(c, tableName, namespaceId))
+ throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
+
+ master.fate.seedTransaction(opid, new TraceRepo<Master>(new CreateTable(c.getPrincipal(), tableName, timeType, options, namespaceId)), autoCleanup);
+
break;
}
case TABLE_RENAME: {
http://git-wip-us.apache.org/repos/asf/accumulo/blob/b80e1a4f/server/master/src/main/java/org/apache/accumulo/master/tableOps/CreateTable.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/tableOps/CreateTable.java b/server/master/src/main/java/org/apache/accumulo/master/tableOps/CreateTable.java
index 9535781..33ee878 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/tableOps/CreateTable.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/tableOps/CreateTable.java
@@ -22,9 +22,7 @@ import java.util.Map.Entry;
import org.apache.accumulo.core.Constants;
import org.apache.accumulo.core.client.Instance;
-import org.apache.accumulo.core.client.NamespaceNotFoundException;
import org.apache.accumulo.core.client.admin.TimeType;
-import org.apache.accumulo.core.client.impl.Namespaces;
import org.apache.accumulo.core.client.impl.Tables;
import org.apache.accumulo.core.client.impl.thrift.TableOperation;
import org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException;
@@ -35,7 +33,6 @@ import org.apache.accumulo.fate.Repo;
import org.apache.accumulo.fate.zookeeper.ZooUtil.NodeExistsPolicy;
import org.apache.accumulo.master.Master;
import org.apache.accumulo.server.ServerConstants;
-import org.apache.accumulo.server.client.HdfsZooInstance;
import org.apache.accumulo.server.fs.VolumeManager;
import org.apache.accumulo.server.security.AuditedSecurityOperation;
import org.apache.accumulo.server.security.SecurityOperation;
@@ -279,14 +276,13 @@ public class CreateTable extends MasterRepo {
private TableInfo tableInfo;
- public CreateTable(String user, String tableName, TimeType timeType, Map<String,String> props) throws NamespaceNotFoundException {
+ public CreateTable(String user, String tableName, TimeType timeType, Map<String,String> props, String namespaceId) {
tableInfo = new TableInfo();
tableInfo.tableName = tableName;
tableInfo.timeType = TabletTime.getTimeID(timeType);
tableInfo.user = user;
tableInfo.props = props;
- Instance inst = HdfsZooInstance.getInstance();
- tableInfo.namespaceId = Namespaces.getNamespaceId(inst, Tables.qualify(tableInfo.tableName).getFirst());
+ tableInfo.namespaceId = namespaceId;
}
@Override
http://git-wip-us.apache.org/repos/asf/accumulo/blob/b80e1a4f/test/src/main/java/org/apache/accumulo/test/randomwalk/security/CreateTable.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/CreateTable.java b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/CreateTable.java
index 16310a5..4c10b13 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/CreateTable.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/CreateTable.java
@@ -36,7 +36,7 @@ public class CreateTable extends Test {
String tableName = WalkingSecurity.get(state).getTableName();
boolean exists = WalkingSecurity.get(state).getTableExists();
- boolean hasPermission = WalkingSecurity.get(state).canCreateTable(WalkingSecurity.get(state).getSysCredentials());
+ boolean hasPermission = WalkingSecurity.get(state).canCreateTable(WalkingSecurity.get(state).getSysCredentials(), null, null);
try {
conn.tableOperations().create(tableName);
http://git-wip-us.apache.org/repos/asf/accumulo/blob/b80e1a4f/test/src/test/java/org/apache/accumulo/test/NamespacesIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/NamespacesIT.java b/test/src/test/java/org/apache/accumulo/test/NamespacesIT.java
index addb377..6915c96 100644
--- a/test/src/test/java/org/apache/accumulo/test/NamespacesIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/NamespacesIT.java
@@ -560,7 +560,7 @@ public class NamespacesIT extends SimpleMacIT {
c.securityOperations().createLocalUser(u1, pass);
Connector user1Con = c.getInstance().getConnector(u1, pass);
-
+
try {
user1Con.tableOperations().create(t2);
fail();
@@ -680,6 +680,7 @@ public class NamespacesIT extends SimpleMacIT {
user1Con.namespaceOperations().create(n2);
c.securityOperations().revokeSystemPermission(u1, SystemPermission.CREATE_NAMESPACE);
+ c.securityOperations().revokeNamespacePermission(u1, n2, NamespacePermission.DROP_NAMESPACE);
try {
user1Con.namespaceOperations().delete(n2);
fail();
[3/9] git commit: Revert "ACCUMULO-2086 Use the tableID instead of
the tableName where necessary."
Posted by vi...@apache.org.
Revert "ACCUMULO-2086 Use the tableID instead of the tableName where necessary."
This reverts commit e8c9aae904380f22e55a31e3a7422ecd4597b0b0.
Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/ca6c82bb
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/ca6c82bb
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/ca6c82bb
Branch: refs/heads/1.6.0-SNAPSHOT
Commit: ca6c82bbd02f18aaa9281aa12d8033e1475c441c
Parents: 12aa01e
Author: John Vines <vi...@apache.org>
Authored: Thu Jan 30 11:29:28 2014 -0500
Committer: John Vines <vi...@apache.org>
Committed: Thu Jan 30 11:29:28 2014 -0500
----------------------------------------------------------------------
.../test/randomwalk/security/TableOp.java | 20 +++++++-------------
1 file changed, 7 insertions(+), 13 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/accumulo/blob/ca6c82bb/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
index 0215365..a636355 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
@@ -64,18 +64,12 @@ public class TableOp extends Test {
tp = TablePermission.valueOf(action);
}
- final boolean tableExists = WalkingSecurity.get(state).getTableExists();
- final String tableName = WalkingSecurity.get(state).getTableName();
- final String tableId = conn.tableOperations().tableIdMap().get(tableName);
-
- if (null == tableId) {
- log.error("Could not determine tableID from name " + tableName);
- return;
- }
+ boolean tableExists = WalkingSecurity.get(state).getTableExists();
+ String tableName = WalkingSecurity.get(state).getTableName();
switch (tp) {
case READ: {
- boolean canRead = WalkingSecurity.get(state).canScan(WalkingSecurity.get(state).getTabCredentials(), tableId);
+ boolean canRead = WalkingSecurity.get(state).canScan(WalkingSecurity.get(state).getTabCredentials(), tableName);
Authorizations auths = WalkingSecurity.get(state).getUserAuthorizations(WalkingSecurity.get(state).getTabCredentials());
boolean ambiguousZone = WalkingSecurity.get(state).inAmbiguousZone(conn.whoami(), tp);
boolean ambiguousAuths = WalkingSecurity.get(state).ambiguousAuthorizations(conn.whoami());
@@ -146,7 +140,7 @@ public class TableOp extends Test {
break;
}
case WRITE:
- boolean canWrite = WalkingSecurity.get(state).canWrite(WalkingSecurity.get(state).getTabCredentials(), tableId);
+ boolean canWrite = WalkingSecurity.get(state).canWrite(WalkingSecurity.get(state).getTabCredentials(), tableName);
boolean ambiguousZone = WalkingSecurity.get(state).inAmbiguousZone(conn.whoami(), tp);
String key = WalkingSecurity.get(state).getLastKey() + "1";
@@ -220,7 +214,7 @@ public class TableOp extends Test {
return;
} catch (AccumuloSecurityException ae) {
if (ae.getSecurityErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) {
- if (WalkingSecurity.get(state).canBulkImport(WalkingSecurity.get(state).getTabCredentials(), tableId))
+ if (WalkingSecurity.get(state).canBulkImport(WalkingSecurity.get(state).getTabCredentials(), tableName))
throw new AccumuloException("Bulk Import failed when it should have worked: " + tableName);
return;
} else if (ae.getSecurityErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) {
@@ -234,12 +228,12 @@ public class TableOp extends Test {
fs.delete(dir, true);
fs.delete(fail, true);
- if (!WalkingSecurity.get(state).canBulkImport(WalkingSecurity.get(state).getTabCredentials(), tableId))
+ if (!WalkingSecurity.get(state).canBulkImport(WalkingSecurity.get(state).getTabCredentials(), tableName))
throw new AccumuloException("Bulk Import succeeded when it should have failed: " + dir + " table " + tableName);
break;
case ALTER_TABLE:
AlterTable.renameTable(conn, state, tableName, tableName + "plus",
- WalkingSecurity.get(state).canAlterTable(WalkingSecurity.get(state).getTabCredentials(), tableId), tableExists);
+ WalkingSecurity.get(state).canAlterTable(WalkingSecurity.get(state).getTabCredentials(), tableName), tableExists);
break;
case GRANT:
[9/9] git commit: ACCUMULO-2295 adjusting test timeouts
Posted by vi...@apache.org.
ACCUMULO-2295 adjusting test timeouts
Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/2611cba3
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/2611cba3
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/2611cba3
Branch: refs/heads/1.6.0-SNAPSHOT
Commit: 2611cba3bce0b3db3a7a61af405f9c2ac8ac97c1
Parents: 3d8a116
Author: John Vines <vi...@apache.org>
Authored: Thu Jan 30 16:52:41 2014 -0500
Committer: John Vines <vi...@apache.org>
Committed: Thu Jan 30 16:52:41 2014 -0500
----------------------------------------------------------------------
.../org/apache/accumulo/test/ConfigurableMajorCompactionIT.java | 2 +-
.../org/apache/accumulo/test/functional/BatchWriterFlushIT.java | 2 +-
.../apache/accumulo/test/functional/BulkSplitOptimizationIT.java | 2 +-
.../test/java/org/apache/accumulo/test/functional/ReadWriteIT.java | 2 +-
test/src/test/java/org/apache/accumulo/test/functional/SslIT.java | 2 +-
.../src/test/java/org/apache/accumulo/test/functional/StartIT.java | 2 +-
.../test/java/org/apache/accumulo/test/functional/TimeoutIT.java | 2 +-
.../test/java/org/apache/accumulo/test/functional/WriteLotsIT.java | 2 +-
8 files changed, 8 insertions(+), 8 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/accumulo/blob/2611cba3/test/src/test/java/org/apache/accumulo/test/ConfigurableMajorCompactionIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/ConfigurableMajorCompactionIT.java b/test/src/test/java/org/apache/accumulo/test/ConfigurableMajorCompactionIT.java
index ff3aa3d..28d183c 100644
--- a/test/src/test/java/org/apache/accumulo/test/ConfigurableMajorCompactionIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/ConfigurableMajorCompactionIT.java
@@ -74,7 +74,7 @@ public class ConfigurableMajorCompactionIT extends ConfigurableMacIT {
}
}
- @Test(timeout = 20 * 1000)
+ @Test(timeout = 30 * 1000)
public void test() throws Exception {
Connector conn = getConnector();
String tableName = "test";
http://git-wip-us.apache.org/repos/asf/accumulo/blob/2611cba3/test/src/test/java/org/apache/accumulo/test/functional/BatchWriterFlushIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/functional/BatchWriterFlushIT.java b/test/src/test/java/org/apache/accumulo/test/functional/BatchWriterFlushIT.java
index 59fa753..e77709d 100644
--- a/test/src/test/java/org/apache/accumulo/test/functional/BatchWriterFlushIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/functional/BatchWriterFlushIT.java
@@ -42,7 +42,7 @@ public class BatchWriterFlushIT extends SimpleMacIT {
private static final int NUM_TO_FLUSH = 100000;
- @Test(timeout = 30 * 1000)
+ @Test(timeout = 60 * 1000)
public void run() throws Exception {
Connector c = getConnector();
String[] tableNames = getTableNames(2);
http://git-wip-us.apache.org/repos/asf/accumulo/blob/2611cba3/test/src/test/java/org/apache/accumulo/test/functional/BulkSplitOptimizationIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/functional/BulkSplitOptimizationIT.java b/test/src/test/java/org/apache/accumulo/test/functional/BulkSplitOptimizationIT.java
index 204fd77..c2fe211 100644
--- a/test/src/test/java/org/apache/accumulo/test/functional/BulkSplitOptimizationIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/functional/BulkSplitOptimizationIT.java
@@ -53,7 +53,7 @@ public class BulkSplitOptimizationIT extends ConfigurableMacIT {
static final int ROWS = 100000;
static final int SPLITS = 99;
- @Test(timeout = 60 * 1000)
+ @Test(timeout = 90 * 1000)
public void testBulkSplitOptimization() throws Exception {
final Connector c = getConnector();
c.tableOperations().create(TABLE_NAME);
http://git-wip-us.apache.org/repos/asf/accumulo/blob/2611cba3/test/src/test/java/org/apache/accumulo/test/functional/ReadWriteIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/functional/ReadWriteIT.java b/test/src/test/java/org/apache/accumulo/test/functional/ReadWriteIT.java
index 0065987..a44f0ec 100644
--- a/test/src/test/java/org/apache/accumulo/test/functional/ReadWriteIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/functional/ReadWriteIT.java
@@ -230,7 +230,7 @@ public class ReadWriteIT extends ConfigurableMacIT {
assertTrue(foundFile);
}
- @Test(timeout = 4 * 60 * 1000)
+ @Test(timeout = 5 * 60 * 1000)
public void localityGroupChange() throws Exception {
// Make changes to locality groups and ensure nothing is lostssh
final Connector connector = getConnector();
http://git-wip-us.apache.org/repos/asf/accumulo/blob/2611cba3/test/src/test/java/org/apache/accumulo/test/functional/SslIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/functional/SslIT.java b/test/src/test/java/org/apache/accumulo/test/functional/SslIT.java
index a453b0b..648a324 100644
--- a/test/src/test/java/org/apache/accumulo/test/functional/SslIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/functional/SslIT.java
@@ -49,7 +49,7 @@ public class SslIT extends ConfigurableMacIT {
ShutdownIT.runAdminStopTest(getConnector(), getCluster());
}
- @Test(timeout = 2 * 60 * 1000)
+ @Test(timeout = 5 * 60 * 1000)
public void bulk() throws Exception {
BulkIT.runTest(getConnector(), getTableNames(1)[0]);
}
http://git-wip-us.apache.org/repos/asf/accumulo/blob/2611cba3/test/src/test/java/org/apache/accumulo/test/functional/StartIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/functional/StartIT.java b/test/src/test/java/org/apache/accumulo/test/functional/StartIT.java
index 8162f71..cdc3f49 100644
--- a/test/src/test/java/org/apache/accumulo/test/functional/StartIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/functional/StartIT.java
@@ -24,7 +24,7 @@ import org.junit.Test;
public class StartIT extends ConfigurableMacIT {
- @Test(timeout = 10 * 1000)
+ @Test(timeout = 15 * 1000)
public void test() throws Exception {
assertTrue(exec(TestMain.class, "exception").waitFor() != 0);
assertEquals(0, exec(TestMain.class, "success").waitFor());
http://git-wip-us.apache.org/repos/asf/accumulo/blob/2611cba3/test/src/test/java/org/apache/accumulo/test/functional/TimeoutIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/functional/TimeoutIT.java b/test/src/test/java/org/apache/accumulo/test/functional/TimeoutIT.java
index 505d69b..34d605f 100644
--- a/test/src/test/java/org/apache/accumulo/test/functional/TimeoutIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/functional/TimeoutIT.java
@@ -42,7 +42,7 @@ import org.junit.Test;
*/
public class TimeoutIT extends SimpleMacIT {
- @Test(timeout = 60 * 1000)
+ @Test(timeout = 75 * 1000)
public void run() throws Exception {
Connector conn = getConnector();
String[] tableNames = getTableNames(2);
http://git-wip-us.apache.org/repos/asf/accumulo/blob/2611cba3/test/src/test/java/org/apache/accumulo/test/functional/WriteLotsIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/functional/WriteLotsIT.java b/test/src/test/java/org/apache/accumulo/test/functional/WriteLotsIT.java
index 7021395..a549920 100644
--- a/test/src/test/java/org/apache/accumulo/test/functional/WriteLotsIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/functional/WriteLotsIT.java
@@ -29,7 +29,7 @@ import org.junit.Test;
public class WriteLotsIT extends SimpleMacIT {
- @Test(timeout = 60 * 1000)
+ @Test(timeout = 90 * 1000)
public void writeLots() throws Exception {
final Connector c = getConnector();
final String tableName = getTableNames(1)[0];
[5/9] git commit: ACCUMULO-2260 removing table config copy test
Posted by vi...@apache.org.
ACCUMULO-2260 removing table config copy test
Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/f0448ffa
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/f0448ffa
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/f0448ffa
Branch: refs/heads/1.6.0-SNAPSHOT
Commit: f0448ffa710ce5e598c204002eabf3a91210d8e8
Parents: b80e1a4
Author: John Vines <vi...@apache.org>
Authored: Thu Jan 30 14:29:05 2014 -0500
Committer: John Vines <vi...@apache.org>
Committed: Thu Jan 30 15:03:55 2014 -0500
----------------------------------------------------------------------
.../java/org/apache/accumulo/test/ShellServerIT.java | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/accumulo/blob/f0448ffa/test/src/test/java/org/apache/accumulo/test/ShellServerIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/ShellServerIT.java b/test/src/test/java/org/apache/accumulo/test/ShellServerIT.java
index cc5ce7b..58652c7 100644
--- a/test/src/test/java/org/apache/accumulo/test/ShellServerIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/ShellServerIT.java
@@ -978,21 +978,20 @@ public class ShellServerIT extends SimpleMacIT {
// can copy properties when creating
exec("createnamespace thing3 -cc thing2", true);
exec("config -ns thing3", true, "44444", true);
- exec("createnamespace thing4 -ctc thing2.thingy", true);
- exec("config -ns thing4", true, "55555", true);
exec("deletenamespace -f thing2", true);
exec("namespaces", true, "thing2", false);
exec("tables", true, "thing2.thingy", false);
// put constraints on a namespace
- exec("constraint -ns thing4 -a org.apache.accumulo.examples.simple.constraints.NumericValueConstraint", true);
- exec("createtable thing4.constrained", true);
- exec("table thing4.constrained", true);
+ exec("constraint -ns thing3 -a org.apache.accumulo.examples.simple.constraints.NumericValueConstraint", true);
+ exec("createtable thing3.constrained", true);
+ exec("table thing3.constrained", true);
+ exec("constraint -d 1");
// should fail
- exec("insert r cf cq abc", false);
exec("constraint -l", true, "NumericValueConstraint", true);
- exec("constraint -ns thing4 -d 2");
+ exec("insert r cf cq abc", false);
+ exec("constraint -ns thing3 -d 1");
exec("sleep 1");
exec("insert r cf cq abc", true);
}
[7/9] git commit: ACCUMULO-2289 Correcting Tables.getNamespace to
Tables.getNamespaceId
Posted by vi...@apache.org.
ACCUMULO-2289 Correcting Tables.getNamespace to Tables.getNamespaceId
Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/939a4f9d
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/939a4f9d
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/939a4f9d
Branch: refs/heads/1.6.0-SNAPSHOT
Commit: 939a4f9d2cc41e7734bfbc1da0180b394e142014
Parents: 90e1f22
Author: John Vines <vi...@apache.org>
Authored: Thu Jan 30 16:01:43 2014 -0500
Committer: John Vines <vi...@apache.org>
Committed: Thu Jan 30 16:01:43 2014 -0500
----------------------------------------------------------------------
.../accumulo/core/client/impl/Tables.java | 6 +++---
.../core/util/shell/commands/ConfigCommand.java | 2 +-
.../server/client/ClientServiceHandler.java | 6 +++---
.../server/conf/TableParentConfiguration.java | 2 +-
.../accumulo/master/FateServiceHandler.java | 20 ++++++++++----------
.../master/MasterClientServiceHandler.java | 6 +++---
.../master/tableOps/CancelCompactions.java | 2 +-
.../master/tableOps/ChangeTableState.java | 2 +-
.../accumulo/master/tableOps/CloneTable.java | 2 +-
.../accumulo/master/tableOps/CompactRange.java | 4 ++--
.../accumulo/master/tableOps/DeleteTable.java | 2 +-
.../accumulo/master/tableOps/ExportTable.java | 2 +-
.../accumulo/master/tableOps/RenameTable.java | 2 +-
.../accumulo/master/tableOps/TableRangeOp.java | 4 ++--
.../apache/accumulo/tserver/TabletServer.java | 12 ++++++------
15 files changed, 37 insertions(+), 37 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/accumulo/blob/939a4f9d/core/src/main/java/org/apache/accumulo/core/client/impl/Tables.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/client/impl/Tables.java b/core/src/main/java/org/apache/accumulo/core/client/impl/Tables.java
index bed4234..8a2c2c7 100644
--- a/core/src/main/java/org/apache/accumulo/core/client/impl/Tables.java
+++ b/core/src/main/java/org/apache/accumulo/core/client/impl/Tables.java
@@ -286,13 +286,13 @@ public class Tables {
}
/**
- * Returns the namespace for a given table ID.
+ * Returns the namespace id for a given table ID.
* @param instance The Accumulo Instance
* @param tableId The tableId
- * @return The namespace which this table resides in.
+ * @return The namespace id which this table resides in.
* @throws IllegalArgumentException if the table doesn't exist in ZooKeeper
*/
- public static String getNamespace(Instance instance, String tableId) throws IllegalArgumentException {
+ public static String getNamespaceId(Instance instance, String tableId) throws IllegalArgumentException {
ArgumentChecker.notNull(instance, tableId);
ZooCache zc = getZooCache(instance);
http://git-wip-us.apache.org/repos/asf/accumulo/blob/939a4f9d/core/src/main/java/org/apache/accumulo/core/util/shell/commands/ConfigCommand.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/accumulo/core/util/shell/commands/ConfigCommand.java b/core/src/main/java/org/apache/accumulo/core/util/shell/commands/ConfigCommand.java
index 90d02de..81cce7b 100644
--- a/core/src/main/java/org/apache/accumulo/core/util/shell/commands/ConfigCommand.java
+++ b/core/src/main/java/org/apache/accumulo/core/util/shell/commands/ConfigCommand.java
@@ -156,7 +156,7 @@ public class ConfigCommand extends Command {
final TreeMap<String,String> namespaceConfig = new TreeMap<String,String>();
if (tableName != null) {
String n = Namespaces.getNamespaceName(shellState.getInstance(),
- Tables.getNamespace(shellState.getInstance(), Tables.getTableId(shellState.getInstance(), tableName)));
+ Tables.getNamespaceId(shellState.getInstance(), Tables.getTableId(shellState.getInstance(), tableName)));
for (Entry<String,String> e : shellState.getConnector().namespaceOperations().getProperties(n)) {
namespaceConfig.put(e.getKey(), e.getValue());
}
http://git-wip-us.apache.org/repos/asf/accumulo/blob/939a4f9d/server/base/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
----------------------------------------------------------------------
diff --git a/server/base/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java b/server/base/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
index 9b39582..3571d7f 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
@@ -183,7 +183,7 @@ public class ClientServiceHandler implements ClientService.Iface {
public void grantTablePermission(TInfo tinfo, TCredentials credentials, String user, String tableName, byte permission) throws ThriftSecurityException,
ThriftTableOperationException {
String tableId = checkTableId(instance, tableName, TableOperation.PERMISSION);
- String namespaceId = Tables.getNamespace(instance, tableId);
+ String namespaceId = Tables.getNamespaceId(instance, tableId);
security.grantTablePermission(credentials, user, tableId, TablePermission.getPermissionById(permission), namespaceId);
}
@@ -204,7 +204,7 @@ public class ClientServiceHandler implements ClientService.Iface {
public void revokeTablePermission(TInfo tinfo, TCredentials credentials, String user, String tableName, byte permission) throws ThriftSecurityException,
ThriftTableOperationException {
String tableId = checkTableId(instance, tableName, TableOperation.PERMISSION);
- String namespaceId = Tables.getNamespace(instance, tableId);
+ String namespaceId = Tables.getNamespaceId(instance, tableId);
security.revokeTablePermission(credentials, user, tableId, TablePermission.getPermissionById(permission), namespaceId);
}
@@ -405,7 +405,7 @@ public class ClientServiceHandler implements ClientService.Iface {
// ensure that table table exists
String tableId = checkTableId(instance, table, null);
tableIds.add(tableId);
- String namespaceId = Tables.getNamespace(instance, tableId);
+ String namespaceId = Tables.getNamespaceId(instance, tableId);
if (!security.canScan(credentials, tableId, namespaceId))
throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
}
http://git-wip-us.apache.org/repos/asf/accumulo/blob/939a4f9d/server/base/src/main/java/org/apache/accumulo/server/conf/TableParentConfiguration.java
----------------------------------------------------------------------
diff --git a/server/base/src/main/java/org/apache/accumulo/server/conf/TableParentConfiguration.java b/server/base/src/main/java/org/apache/accumulo/server/conf/TableParentConfiguration.java
index 902ecd0..34eb781 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/conf/TableParentConfiguration.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/conf/TableParentConfiguration.java
@@ -34,6 +34,6 @@ public class TableParentConfiguration extends NamespaceConfiguration {
@Override
protected String getNamespaceId() {
- return Tables.getNamespace(inst, tableId);
+ return Tables.getNamespaceId(inst, tableId);
}
}
http://git-wip-us.apache.org/repos/asf/accumulo/blob/939a4f9d/server/master/src/main/java/org/apache/accumulo/master/FateServiceHandler.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/FateServiceHandler.java b/server/master/src/main/java/org/apache/accumulo/master/FateServiceHandler.java
index 6f2c39a..f3428a6 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/FateServiceHandler.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/FateServiceHandler.java
@@ -161,7 +161,7 @@ class FateServiceHandler implements FateService.Iface {
});
String tableId = ClientServiceHandler.checkTableId(master.getInstance(), oldTableName, tableOp);
- String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
+ String namespaceId = Tables.getNamespaceId(master.getInstance(), tableId);
if (!master.security.canRenameTable(c, tableId, oldTableName, newTableName, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
@@ -216,7 +216,7 @@ class FateServiceHandler implements FateService.Iface {
String tableName = validateTableNameArgument(arguments.get(0), tableOp, Tables.NOT_SYSTEM);
final String tableId = ClientServiceHandler.checkTableId(master.getInstance(), tableName, tableOp);
- String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
+ String namespaceId = Tables.getNamespaceId(master.getInstance(), tableId);
if (!master.security.canDeleteTable(c, tableId, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
@@ -226,7 +226,7 @@ class FateServiceHandler implements FateService.Iface {
case TABLE_ONLINE: {
TableOperation tableOp = TableOperation.ONLINE;
final String tableId = validateTableIdArgument(arguments.get(0), tableOp, Tables.NOT_ROOT_ID);
- String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
+ String namespaceId = Tables.getNamespaceId(master.getInstance(), tableId);
if (!master.security.canOnlineOfflineTable(c, tableId, op, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
@@ -237,7 +237,7 @@ class FateServiceHandler implements FateService.Iface {
case TABLE_OFFLINE: {
TableOperation tableOp = TableOperation.OFFLINE;
final String tableId = validateTableIdArgument(arguments.get(0), tableOp, Tables.NOT_ROOT_ID);
- String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
+ String namespaceId = Tables.getNamespaceId(master.getInstance(), tableId);
if (!master.security.canOnlineOfflineTable(c, tableId, op, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
@@ -252,7 +252,7 @@ class FateServiceHandler implements FateService.Iface {
Text endRow = ByteBufferUtil.toText(arguments.get(2));
final String tableId = ClientServiceHandler.checkTableId(master.getInstance(), tableName, tableOp);
- String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
+ String namespaceId = Tables.getNamespaceId(master.getInstance(), tableId);
if (!master.security.canMerge(c, tableId, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
@@ -268,7 +268,7 @@ class FateServiceHandler implements FateService.Iface {
Text endRow = ByteBufferUtil.toText(arguments.get(2));
final String tableId = ClientServiceHandler.checkTableId(master.getInstance(), tableName, tableOp);
- String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
+ String namespaceId = Tables.getNamespaceId(master.getInstance(), tableId);
if (!master.security.canDeleteRange(c, tableId, tableName, startRow, endRow, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
@@ -284,7 +284,7 @@ class FateServiceHandler implements FateService.Iface {
boolean setTime = Boolean.parseBoolean(ByteBufferUtil.toString(arguments.get(3)));
final String tableId = ClientServiceHandler.checkTableId(master.getInstance(), tableName, tableOp);
- String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
+ String namespaceId = Tables.getNamespaceId(master.getInstance(), tableId);
if (!master.security.canBulkImport(c, tableId, tableName, dir, failDir, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
@@ -298,7 +298,7 @@ class FateServiceHandler implements FateService.Iface {
byte[] startRow = ByteBufferUtil.toBytes(arguments.get(1));
byte[] endRow = ByteBufferUtil.toBytes(arguments.get(2));
List<IteratorSetting> iterators = IteratorUtil.decodeIteratorSettings(ByteBufferUtil.toBytes(arguments.get(3)));
- String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
+ String namespaceId = Tables.getNamespaceId(master.getInstance(), tableId);
if (!master.security.canCompact(c, tableId, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
@@ -309,7 +309,7 @@ class FateServiceHandler implements FateService.Iface {
case TABLE_CANCEL_COMPACT: {
TableOperation tableOp = TableOperation.COMPACT_CANCEL;
String tableId = validateTableIdArgument(arguments.get(0), tableOp, null);
- String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
+ String namespaceId = Tables.getNamespaceId(master.getInstance(), tableId);
if (!master.security.canCompact(c, tableId, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
@@ -340,7 +340,7 @@ class FateServiceHandler implements FateService.Iface {
String exportDir = ByteBufferUtil.toString(arguments.get(1));
String tableId = ClientServiceHandler.checkTableId(master.getInstance(), tableName, tableOp);
- String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
+ String namespaceId = Tables.getNamespaceId(master.getInstance(), tableId);
if (!master.security.canExport(c, tableId, tableName, exportDir, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
http://git-wip-us.apache.org/repos/asf/accumulo/blob/939a4f9d/server/master/src/main/java/org/apache/accumulo/master/MasterClientServiceHandler.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/MasterClientServiceHandler.java b/server/master/src/main/java/org/apache/accumulo/master/MasterClientServiceHandler.java
index e9914ab..8023169 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/MasterClientServiceHandler.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/MasterClientServiceHandler.java
@@ -100,7 +100,7 @@ class MasterClientServiceHandler extends FateServiceHandler implements MasterCli
@Override
public long initiateFlush(TInfo tinfo, TCredentials c, String tableId) throws ThriftSecurityException, ThriftTableOperationException {
- String namespaceId = Tables.getNamespace(instance, tableId);
+ String namespaceId = Tables.getNamespaceId(instance, tableId);
master.security.canFlush(c, tableId, namespaceId);
String zTablePath = Constants.ZROOT + "/" + master.getConfiguration().getInstance().getInstanceID() + Constants.ZTABLES + "/" + tableId
@@ -129,7 +129,7 @@ class MasterClientServiceHandler extends FateServiceHandler implements MasterCli
@Override
public void waitForFlush(TInfo tinfo, TCredentials c, String tableId, ByteBuffer startRow, ByteBuffer endRow, long flushID, long maxLoops)
throws ThriftSecurityException, ThriftTableOperationException {
- String namespaceId = Tables.getNamespace(instance, tableId);
+ String namespaceId = Tables.getNamespaceId(instance, tableId);
master.security.canFlush(c, tableId, namespaceId);
if (endRow != null && startRow != null && ByteBufferUtil.toText(startRow).compareTo(ByteBufferUtil.toText(endRow)) >= 0)
@@ -435,7 +435,7 @@ class MasterClientServiceHandler extends FateServiceHandler implements MasterCli
private void alterTableProperty(TCredentials c, String tableName, String property, String value, TableOperation op) throws ThriftSecurityException,
ThriftTableOperationException {
final String tableId = ClientServiceHandler.checkTableId(master.getInstance(), tableName, op);
- String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
+ String namespaceId = Tables.getNamespaceId(master.getInstance(), tableId);
if (!master.security.canAlterTable(c, tableId, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
http://git-wip-us.apache.org/repos/asf/accumulo/blob/939a4f9d/server/master/src/main/java/org/apache/accumulo/master/tableOps/CancelCompactions.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/tableOps/CancelCompactions.java b/server/master/src/main/java/org/apache/accumulo/master/tableOps/CancelCompactions.java
index 0e3af9d..d1c3c40 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/tableOps/CancelCompactions.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/tableOps/CancelCompactions.java
@@ -59,7 +59,7 @@ public class CancelCompactions extends MasterRepo {
public CancelCompactions(String tableId) {
this.tableId = tableId;
Instance inst = HdfsZooInstance.getInstance();
- this.namespaceId = Tables.getNamespace(inst, tableId);
+ this.namespaceId = Tables.getNamespaceId(inst, tableId);
}
@Override
http://git-wip-us.apache.org/repos/asf/accumulo/blob/939a4f9d/server/master/src/main/java/org/apache/accumulo/master/tableOps/ChangeTableState.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/tableOps/ChangeTableState.java b/server/master/src/main/java/org/apache/accumulo/master/tableOps/ChangeTableState.java
index 7859c0e..f1878b0 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/tableOps/ChangeTableState.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/tableOps/ChangeTableState.java
@@ -37,7 +37,7 @@ public class ChangeTableState extends MasterRepo {
this.tableId = tableId;
this.top = top;
Instance inst = HdfsZooInstance.getInstance();
- this.namespaceId = Tables.getNamespace(inst, tableId);
+ this.namespaceId = Tables.getNamespaceId(inst, tableId);
if (top != TableOperation.ONLINE && top != TableOperation.OFFLINE)
throw new IllegalArgumentException(top.toString());
http://git-wip-us.apache.org/repos/asf/accumulo/blob/939a4f9d/server/master/src/main/java/org/apache/accumulo/master/tableOps/CloneTable.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/tableOps/CloneTable.java b/server/master/src/main/java/org/apache/accumulo/master/tableOps/CloneTable.java
index bfaab82..da0afd8 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/tableOps/CloneTable.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/tableOps/CloneTable.java
@@ -239,7 +239,7 @@ public class CloneTable extends MasterRepo {
cloneInfo.propertiesToExclude = propertiesToExclude;
cloneInfo.propertiesToSet = propertiesToSet;
Instance inst = HdfsZooInstance.getInstance();
- cloneInfo.srcNamespaceId = Tables.getNamespace(inst, cloneInfo.srcTableId);
+ cloneInfo.srcNamespaceId = Tables.getNamespaceId(inst, cloneInfo.srcTableId);
}
@Override
http://git-wip-us.apache.org/repos/asf/accumulo/blob/939a4f9d/server/master/src/main/java/org/apache/accumulo/master/tableOps/CompactRange.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/tableOps/CompactRange.java b/server/master/src/main/java/org/apache/accumulo/master/tableOps/CompactRange.java
index df474b3..6081ff2 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/tableOps/CompactRange.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/tableOps/CompactRange.java
@@ -80,7 +80,7 @@ class CompactionDriver extends MasterRepo {
this.startRow = startRow;
this.endRow = endRow;
Instance inst = HdfsZooInstance.getInstance();
- this.namespaceId = Tables.getNamespace(inst, tableId);
+ this.namespaceId = Tables.getNamespaceId(inst, tableId);
}
@Override
@@ -294,7 +294,7 @@ public class CompactRange extends MasterRepo {
this.startRow = startRow.length == 0 ? null : startRow;
this.endRow = endRow.length == 0 ? null : endRow;
Instance inst = HdfsZooInstance.getInstance();
- this.namespaceId = Tables.getNamespace(inst, tableId);
+ this.namespaceId = Tables.getNamespaceId(inst, tableId);
if (iterators.size() > 0) {
this.iterators = WritableUtils.toByteArray(new CompactionIterators(this.startRow, this.endRow, iterators));
http://git-wip-us.apache.org/repos/asf/accumulo/blob/939a4f9d/server/master/src/main/java/org/apache/accumulo/master/tableOps/DeleteTable.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/tableOps/DeleteTable.java b/server/master/src/main/java/org/apache/accumulo/master/tableOps/DeleteTable.java
index 64c1d99..f30618e 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/tableOps/DeleteTable.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/tableOps/DeleteTable.java
@@ -233,7 +233,7 @@ public class DeleteTable extends MasterRepo {
public DeleteTable(String tableId) {
this.tableId = tableId;
Instance inst = HdfsZooInstance.getInstance();
- this.namespaceId = Tables.getNamespace(inst, tableId);
+ this.namespaceId = Tables.getNamespaceId(inst, tableId);
}
@Override
http://git-wip-us.apache.org/repos/asf/accumulo/blob/939a4f9d/server/master/src/main/java/org/apache/accumulo/master/tableOps/ExportTable.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/tableOps/ExportTable.java b/server/master/src/main/java/org/apache/accumulo/master/tableOps/ExportTable.java
index dd2d3f4..4b177b5 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/tableOps/ExportTable.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/tableOps/ExportTable.java
@@ -290,7 +290,7 @@ public class ExportTable extends MasterRepo {
tableInfo.exportDir = exportDir;
tableInfo.tableID = tableId;
Instance inst = HdfsZooInstance.getInstance();
- tableInfo.namespaceID = Tables.getNamespace(inst, tableId);
+ tableInfo.namespaceID = Tables.getNamespaceId(inst, tableId);
}
@Override
http://git-wip-us.apache.org/repos/asf/accumulo/blob/939a4f9d/server/master/src/main/java/org/apache/accumulo/master/tableOps/RenameTable.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/tableOps/RenameTable.java b/server/master/src/main/java/org/apache/accumulo/master/tableOps/RenameTable.java
index 7e3a6f9..a261cbb 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/tableOps/RenameTable.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/tableOps/RenameTable.java
@@ -52,7 +52,7 @@ public class RenameTable extends MasterRepo {
this.oldTableName = oldTableName;
this.newTableName = newTableName;
Instance inst = HdfsZooInstance.getInstance();
- this.namespaceId = Tables.getNamespace(inst, tableId);
+ this.namespaceId = Tables.getNamespaceId(inst, tableId);
}
@Override
http://git-wip-us.apache.org/repos/asf/accumulo/blob/939a4f9d/server/master/src/main/java/org/apache/accumulo/master/tableOps/TableRangeOp.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/tableOps/TableRangeOp.java b/server/master/src/main/java/org/apache/accumulo/master/tableOps/TableRangeOp.java
index a972d46..12849b6 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/tableOps/TableRangeOp.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/tableOps/TableRangeOp.java
@@ -54,7 +54,7 @@ class TableRangeOpWait extends MasterRepo {
public TableRangeOpWait(String tableId) {
this.tableId = tableId;
Instance inst = HdfsZooInstance.getInstance();
- this.namespaceId = Tables.getNamespace(inst, tableId);
+ this.namespaceId = Tables.getNamespaceId(inst, tableId);
}
@Override
@@ -102,7 +102,7 @@ public class TableRangeOp extends MasterRepo {
this.endRow = TextUtil.getBytes(endRow);
this.op = op;
Instance inst = HdfsZooInstance.getInstance();
- this.namespaceId = Tables.getNamespace(inst, tableId);
+ this.namespaceId = Tables.getNamespaceId(inst, tableId);
}
@Override
http://git-wip-us.apache.org/repos/asf/accumulo/blob/939a4f9d/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java
----------------------------------------------------------------------
diff --git a/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java b/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java
index b5a8b2a..9d08c81 100644
--- a/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java
+++ b/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java
@@ -1183,7 +1183,7 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu
long readaheadThreshold) throws NotServingTabletException, ThriftSecurityException, org.apache.accumulo.core.tabletserver.thrift.TooManyFilesException {
String tableId = new String(textent.getTable());
- if (!security.canScan(credentials, tableId, Tables.getNamespace(instance, tableId), range, columns, ssiList, ssio, authorizations))
+ if (!security.canScan(credentials, tableId, Tables.getNamespaceId(instance, tableId), range, columns, ssiList, ssio, authorizations))
throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
if (!security.userHasAuthorizations(credentials, authorizations))
@@ -1341,7 +1341,7 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu
// check if user has permission to the tables
for (String tableId : tables)
- if (!security.canScan(credentials, tableId, Tables.getNamespace(instance, tableId), tbatch, tcolumns, ssiList, ssio, authorizations))
+ if (!security.canScan(credentials, tableId, Tables.getNamespaceId(instance, tableId), tbatch, tcolumns, ssiList, ssio, authorizations))
throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
try {
@@ -1478,7 +1478,7 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu
// the failures list
boolean sameTable = us.currentTablet != null && (us.currentTablet.getExtent().getTableId().equals(keyExtent.getTableId()));
String tableId = keyExtent.getTableId().toString();
- if (sameTable || security.canWrite(us.credentials, tableId, Tables.getNamespace(instance, tableId))) {
+ if (sameTable || security.canWrite(us.credentials, tableId, Tables.getNamespaceId(instance, tableId))) {
long t2 = System.currentTimeMillis();
us.authTimes.addStat(t2 - t1);
us.currentTablet = onlineTablets.get(keyExtent);
@@ -1743,7 +1743,7 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu
ConstraintViolationException, ThriftSecurityException {
String tableId = new String(tkeyExtent.getTable());
- if (!security.canWrite(credentials, tableId, Tables.getNamespace(instance, tableId)))
+ if (!security.canWrite(credentials, tableId, Tables.getNamespaceId(instance, tableId)))
throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
KeyExtent keyExtent = new KeyExtent(tkeyExtent);
Tablet tablet = onlineTablets.get(new KeyExtent(keyExtent));
@@ -2005,7 +2005,7 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu
throws ThriftSecurityException, TException {
Authorizations userauths = null;
- if (!security.canConditionallyUpdate(credentials, tableId, Tables.getNamespace(instance, tableId), authorizations))
+ if (!security.canConditionallyUpdate(credentials, tableId, Tables.getNamespaceId(instance, tableId), authorizations))
throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
userauths = security.getUserAuthorizations(credentials);
@@ -2087,7 +2087,7 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu
ThriftSecurityException {
String tableId = new String(ByteBufferUtil.toBytes(tkeyExtent.table));
- String namespaceId = Tables.getNamespace(instance, tableId);
+ String namespaceId = Tables.getNamespaceId(instance, tableId);
if (!security.canSplitTablet(credentials, tableId, namespaceId))
throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
[6/9] git commit: ACCUMULO-1479 ACCUMULO-2086 ACCUMULO-2096
refactoring namespace translation out of security operations to fix security
randomwalk
Posted by vi...@apache.org.
ACCUMULO-1479 ACCUMULO-2086 ACCUMULO-2096 refactoring namespace translation out of security operations to fix security randomwalk
Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/90e1f22a
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/90e1f22a
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/90e1f22a
Branch: refs/heads/1.6.0-SNAPSHOT
Commit: 90e1f22a1833baad0f986f2100c6ecb5662a8a8f
Parents: f0448ff
Author: John Vines <vi...@apache.org>
Authored: Thu Jan 30 16:00:23 2014 -0500
Committer: John Vines <vi...@apache.org>
Committed: Thu Jan 30 16:00:23 2014 -0500
----------------------------------------------------------------------
.../server/client/ClientServiceHandler.java | 11 +-
.../security/AuditedSecurityOperation.java | 52 +++----
.../server/security/SecurityOperation.java | 139 ++++++++-----------
.../accumulo/master/FateServiceHandler.java | 61 +++++---
.../java/org/apache/accumulo/master/Master.java | 2 +-
.../master/MasterClientServiceHandler.java | 12 +-
.../accumulo/master/tableOps/CloneTable.java | 4 +-
.../accumulo/master/tableOps/CreateTable.java | 4 +-
.../accumulo/master/tableOps/DeleteTable.java | 2 +-
.../accumulo/master/tableOps/ImportTable.java | 10 +-
.../apache/accumulo/tserver/TabletServer.java | 24 ++--
.../test/randomwalk/security/AlterTable.java | 3 +-
.../randomwalk/security/AlterTablePerm.java | 2 +-
.../test/randomwalk/security/DropTable.java | 3 +-
.../randomwalk/security/SecurityFixture.java | 4 +-
.../test/randomwalk/security/TableOp.java | 11 +-
.../randomwalk/security/WalkingSecurity.java | 9 ++
.../accumulo/test/ConditionalWriterIT.java | 2 +-
18 files changed, 195 insertions(+), 160 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/base/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
----------------------------------------------------------------------
diff --git a/server/base/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java b/server/base/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
index ed8cbc6..9b39582 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/client/ClientServiceHandler.java
@@ -183,7 +183,9 @@ public class ClientServiceHandler implements ClientService.Iface {
public void grantTablePermission(TInfo tinfo, TCredentials credentials, String user, String tableName, byte permission) throws ThriftSecurityException,
ThriftTableOperationException {
String tableId = checkTableId(instance, tableName, TableOperation.PERMISSION);
- security.grantTablePermission(credentials, user, tableId, TablePermission.getPermissionById(permission));
+ String namespaceId = Tables.getNamespace(instance, tableId);
+
+ security.grantTablePermission(credentials, user, tableId, TablePermission.getPermissionById(permission), namespaceId);
}
@Override
@@ -202,7 +204,9 @@ public class ClientServiceHandler implements ClientService.Iface {
public void revokeTablePermission(TInfo tinfo, TCredentials credentials, String user, String tableName, byte permission) throws ThriftSecurityException,
ThriftTableOperationException {
String tableId = checkTableId(instance, tableName, TableOperation.PERMISSION);
- security.revokeTablePermission(credentials, user, tableId, TablePermission.getPermissionById(permission));
+ String namespaceId = Tables.getNamespace(instance, tableId);
+
+ security.revokeTablePermission(credentials, user, tableId, TablePermission.getPermissionById(permission), namespaceId);
}
@Override
@@ -401,7 +405,8 @@ public class ClientServiceHandler implements ClientService.Iface {
// ensure that table table exists
String tableId = checkTableId(instance, table, null);
tableIds.add(tableId);
- if (!security.canScan(credentials, tableId))
+ String namespaceId = Tables.getNamespace(instance, tableId);
+ if (!security.canScan(credentials, tableId, namespaceId))
throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
}
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
----------------------------------------------------------------------
diff --git a/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java b/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
index 07492c6..d1fbdef 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/security/AuditedSecurityOperation.java
@@ -140,7 +140,7 @@ public class AuditedSecurityOperation extends SecurityOperation {
}
@Override
- public boolean canScan(TCredentials credentials, String tableId, TRange range, List<TColumn> columns, List<IterInfo> ssiList,
+ public boolean canScan(TCredentials credentials, String tableId, String namespaceId, TRange range, List<TColumn> columns, List<IterInfo> ssiList,
Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException {
if (shouldAudit(credentials, tableId)) {
Range convertedRange = new Range(range);
@@ -148,7 +148,7 @@ public class AuditedSecurityOperation extends SecurityOperation {
String tableName = getTableName(tableId);
try {
- boolean canScan = super.canScan(credentials, tableId);
+ boolean canScan = super.canScan(credentials, tableId, namespaceId);
audit(credentials, canScan, CAN_SCAN_AUDIT_TEMPLATE, tableName, getAuthString(authorizations), convertedRange, convertedColumns, ssiList, ssio);
return canScan;
@@ -157,14 +157,14 @@ public class AuditedSecurityOperation extends SecurityOperation {
throw ex;
}
} else {
- return super.canScan(credentials, tableId);
+ return super.canScan(credentials, tableId, namespaceId);
}
}
public static final String CAN_SCAN_BATCH_AUDIT_TEMPLATE = "action: scan; targetTable: %s; authorizations: %s; range: %s; columns: %s; iterators: %s; iteratorOptions: %s;";
@Override
- public boolean canScan(TCredentials credentials, String tableId, Map<TKeyExtent,List<TRange>> tbatch, List<TColumn> tcolumns, List<IterInfo> ssiList,
+ public boolean canScan(TCredentials credentials, String tableId, String namespaceId, Map<TKeyExtent,List<TRange>> tbatch, List<TColumn> tcolumns, List<IterInfo> ssiList,
Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException {
if (shouldAudit(credentials, tableId)) {
@SuppressWarnings({"unchecked", "rawtypes"})
@@ -178,7 +178,7 @@ public class AuditedSecurityOperation extends SecurityOperation {
String tableName = getTableName(tableId);
try {
- boolean canScan = super.canScan(credentials, tableId);
+ boolean canScan = super.canScan(credentials, tableId, namespaceId);
audit(credentials, canScan, CAN_SCAN_BATCH_AUDIT_TEMPLATE, tableName, getAuthString(authorizations), truncated, convertedColumns, ssiList, ssio);
return canScan;
@@ -187,7 +187,7 @@ public class AuditedSecurityOperation extends SecurityOperation {
throw ex;
}
} else {
- return super.canScan(credentials, tableId);
+ return super.canScan(credentials, tableId, namespaceId);
}
}
@@ -247,10 +247,10 @@ public class AuditedSecurityOperation extends SecurityOperation {
public static final String CAN_DELETE_TABLE_AUDIT_TEMPLATE = "action: deleteTable; targetTable: %s;";
@Override
- public boolean canDeleteTable(TCredentials c, String tableId) throws ThriftSecurityException {
+ public boolean canDeleteTable(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException {
String tableName = getTableName(tableId);
try {
- boolean result = super.canDeleteTable(c, tableId);
+ boolean result = super.canDeleteTable(c, tableId, namespaceId);
audit(c, result, CAN_DELETE_TABLE_AUDIT_TEMPLATE, tableName, tableId);
return result;
} catch (ThriftSecurityException ex) {
@@ -262,9 +262,9 @@ public class AuditedSecurityOperation extends SecurityOperation {
public static final String CAN_RENAME_TABLE_AUDIT_TEMPLATE = "action: renameTable; targetTable: %s; newTableName: %s;";
@Override
- public boolean canRenameTable(TCredentials c, String tableId, String oldTableName, String newTableName) throws ThriftSecurityException {
+ public boolean canRenameTable(TCredentials c, String tableId, String oldTableName, String newTableName, String namespaceId) throws ThriftSecurityException {
try {
- boolean result = super.canRenameTable(c, tableId, oldTableName, newTableName);
+ boolean result = super.canRenameTable(c, tableId, oldTableName, newTableName, namespaceId);
audit(c, result, CAN_RENAME_TABLE_AUDIT_TEMPLATE, oldTableName, newTableName);
return result;
} catch (ThriftSecurityException ex) {
@@ -276,10 +276,10 @@ public class AuditedSecurityOperation extends SecurityOperation {
public static final String CAN_CLONE_TABLE_AUDIT_TEMPLATE = "action: cloneTable; targetTable: %s; newTableName: %s";
@Override
- public boolean canCloneTable(TCredentials c, String tableId, String tableName) throws ThriftSecurityException {
+ public boolean canCloneTable(TCredentials c, String tableId, String tableName, String destinationNamespaceId, String sourceNamespaceId) throws ThriftSecurityException {
String oldTableName = getTableName(tableId);
try {
- boolean result = super.canCloneTable(c, tableId, tableName);
+ boolean result = super.canCloneTable(c, tableId, tableName, destinationNamespaceId, sourceNamespaceId);
audit(c, result, CAN_CLONE_TABLE_AUDIT_TEMPLATE, oldTableName, tableName);
return result;
} catch (ThriftSecurityException ex) {
@@ -291,9 +291,9 @@ public class AuditedSecurityOperation extends SecurityOperation {
public static final String CAN_DELETE_RANGE_AUDIT_TEMPLATE = "action: deleteData; targetTable: %s; startRange: %s; endRange: %s;";
@Override
- public boolean canDeleteRange(TCredentials c, String tableId, String tableName, Text startRow, Text endRow) throws ThriftSecurityException {
+ public boolean canDeleteRange(TCredentials c, String tableId, String tableName, Text startRow, Text endRow, String namespaceId) throws ThriftSecurityException {
try {
- boolean result = super.canDeleteRange(c, tableId, tableName, startRow, endRow);
+ boolean result = super.canDeleteRange(c, tableId, tableName, startRow, endRow,namespaceId);
audit(c, result, CAN_DELETE_RANGE_AUDIT_TEMPLATE, tableName, startRow.toString(), endRow.toString());
return result;
} catch (ThriftSecurityException ex) {
@@ -305,9 +305,9 @@ public class AuditedSecurityOperation extends SecurityOperation {
public static final String CAN_BULK_IMPORT_AUDIT_TEMPLATE = "action: bulkImport; targetTable: %s; dataDir: %s; failDir: %s;";
@Override
- public boolean canBulkImport(TCredentials c, String tableId, String tableName, String dir, String failDir) throws ThriftSecurityException {
+ public boolean canBulkImport(TCredentials c, String tableId, String tableName, String dir, String failDir, String namespaceId) throws ThriftSecurityException {
try {
- boolean result = super.canBulkImport(c, tableId);
+ boolean result = super.canBulkImport(c, tableId, namespaceId);
audit(c, result, CAN_BULK_IMPORT_AUDIT_TEMPLATE, tableName, dir, failDir);
return result;
} catch (ThriftSecurityException ex) {
@@ -319,10 +319,10 @@ public class AuditedSecurityOperation extends SecurityOperation {
public static final String CAN_IMPORT_AUDIT_TEMPLATE = "action: import; targetTable: %s; dataDir: %s;";
@Override
- public boolean canImport(TCredentials credentials, String tableName, String importDir) throws ThriftSecurityException {
+ public boolean canImport(TCredentials credentials, String tableName, String importDir, String namespaceId) throws ThriftSecurityException {
try {
- boolean result = super.canImport(credentials, tableName, importDir);
+ boolean result = super.canImport(credentials, tableName, importDir, namespaceId);
audit(credentials, result, CAN_IMPORT_AUDIT_TEMPLATE, tableName, importDir);
return result;
} catch (ThriftSecurityException ex) {
@@ -334,10 +334,10 @@ public class AuditedSecurityOperation extends SecurityOperation {
public static final String CAN_EXPORT_AUDIT_TEMPLATE = "action: export; targetTable: %s; dataDir: %s;";
@Override
- public boolean canExport(TCredentials credentials, String tableId, String tableName, String exportDir) throws ThriftSecurityException {
+ public boolean canExport(TCredentials credentials, String tableId, String tableName, String exportDir, String namespaceId) throws ThriftSecurityException {
try {
- boolean result = super.canExport(credentials, tableId, tableName, exportDir);
+ boolean result = super.canExport(credentials, tableId, tableName, exportDir, namespaceId);
audit(credentials, result, CAN_EXPORT_AUDIT_TEMPLATE, tableName, exportDir);
return result;
} catch (ThriftSecurityException ex) {
@@ -375,10 +375,10 @@ public class AuditedSecurityOperation extends SecurityOperation {
public static final String GRANT_TABLE_PERMISSION_AUDIT_TEMPLATE = "action: grantTablePermission; permission: %s; targetTable: %s; targetUser: %s;";
@Override
- public void grantTablePermission(TCredentials credentials, String user, String tableId, TablePermission permission) throws ThriftSecurityException {
+ public void grantTablePermission(TCredentials credentials, String user, String tableId, TablePermission permission, String namespaceId) throws ThriftSecurityException {
String tableName = getTableName(tableId);
try {
- super.grantTablePermission(credentials, user, tableId, permission);
+ super.grantTablePermission(credentials, user, tableId, permission, namespaceId);
audit(credentials, GRANT_TABLE_PERMISSION_AUDIT_TEMPLATE, permission, tableName, user);
} catch (ThriftSecurityException ex) {
audit(credentials, ex, GRANT_TABLE_PERMISSION_AUDIT_TEMPLATE, permission, tableName, user);
@@ -403,10 +403,10 @@ public class AuditedSecurityOperation extends SecurityOperation {
public static final String REVOKE_TABLE_PERMISSION_AUDIT_TEMPLATE = "action: revokeTablePermission; permission: %s; targetTable: %s; targetUser: %s;";
@Override
- public void revokeTablePermission(TCredentials credentials, String user, String tableId, TablePermission permission) throws ThriftSecurityException {
+ public void revokeTablePermission(TCredentials credentials, String user, String tableId, TablePermission permission, String namespaceId) throws ThriftSecurityException {
String tableName = getTableName(tableId);
try {
- super.revokeTablePermission(credentials, user, tableId, permission);
+ super.revokeTablePermission(credentials, user, tableId, permission, namespaceId);
audit(credentials, REVOKE_TABLE_PERMISSION_AUDIT_TEMPLATE, permission, tableName, user);
} catch (ThriftSecurityException ex) {
audit(credentials, ex, REVOKE_TABLE_PERMISSION_AUDIT_TEMPLATE, permission, tableName, user);
@@ -417,7 +417,7 @@ public class AuditedSecurityOperation extends SecurityOperation {
public static final String CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE = "action: %s; targetTable: %s;";
@Override
- public boolean canOnlineOfflineTable(TCredentials credentials, String tableId, FateOperation op) throws ThriftSecurityException {
+ public boolean canOnlineOfflineTable(TCredentials credentials, String tableId, FateOperation op, String namespaceId) throws ThriftSecurityException {
String tableName = getTableName(tableId);
String operation = null;
if (op == FateOperation.TABLE_ONLINE)
@@ -425,7 +425,7 @@ public class AuditedSecurityOperation extends SecurityOperation {
if (op == FateOperation.TABLE_OFFLINE)
operation = "offlineTable";
try {
- boolean result = super.canOnlineOfflineTable(credentials, tableId, op);
+ boolean result = super.canOnlineOfflineTable(credentials, tableId, op, namespaceId);
audit(credentials, result, CAN_ONLINE_OFFLINE_TABLE_AUDIT_TEMPLATE, operation, tableName, tableId);
return result;
} catch (ThriftSecurityException ex) {
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
----------------------------------------------------------------------
diff --git a/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java b/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
index ad1fbc0..d44d3da 100644
--- a/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
+++ b/server/base/src/main/java/org/apache/accumulo/server/security/SecurityOperation.java
@@ -27,7 +27,6 @@ import org.apache.accumulo.core.client.NamespaceNotFoundException;
import org.apache.accumulo.core.client.TableNotFoundException;
import org.apache.accumulo.core.client.admin.SecurityOperationsImpl;
import org.apache.accumulo.core.client.impl.Namespaces;
-import org.apache.accumulo.core.client.impl.Tables;
import org.apache.accumulo.core.client.impl.thrift.SecurityErrorCode;
import org.apache.accumulo.core.client.impl.thrift.ThriftSecurityException;
import org.apache.accumulo.core.client.security.tokens.AuthenticationToken;
@@ -246,20 +245,6 @@ public class SecurityOperation {
return hasSystemPermissionWithNamespaceId(credentials, permission, null, useCached);
}
- private boolean hasSystemPermissionWithTableId(TCredentials credentials, SystemPermission permission, String tableId, boolean useCached)
- throws ThriftSecurityException {
- if (isSystemUser(credentials))
- return true;
- String namespaceId = null;
- try {
- namespaceId = Namespaces.getNamespaceId(HdfsZooInstance.getInstance(), Tables.getNamespace(HdfsZooInstance.getInstance(), tableId));
- } catch (NamespaceNotFoundException nnfe) {
- // Don't care, we won't pay any attention to namespace permissions
- }
-
- return hasSystemPermissionWithNamespaceId(credentials, permission, namespaceId, useCached);
- }
-
/**
* Checks if a user has a system permission
*
@@ -305,12 +290,11 @@ public class SecurityOperation {
*
* @return true if a user exists and has permission; false otherwise
*/
- protected boolean hasTablePermission(TCredentials credentials, String table, TablePermission permission, boolean useCached) throws ThriftSecurityException {
+ protected boolean hasTablePermission(TCredentials credentials, String tableId, String namespaceId, TablePermission permission, boolean useCached) throws ThriftSecurityException {
if (isSystemUser(credentials))
return true;
- return _hasTablePermission(credentials.getPrincipal(), table, permission, useCached)
- || _hasNamespacePermission(credentials.getPrincipal(), Tables.getNamespace(HdfsZooInstance.getInstance(), table),
- NamespacePermission.getEquivalent(permission), useCached);
+ return _hasTablePermission(credentials.getPrincipal(), tableId, permission, useCached)
+ || _hasNamespacePermission(credentials.getPrincipal(), namespaceId, NamespacePermission.getEquivalent(permission), useCached);
}
/**
@@ -381,38 +365,38 @@ public class SecurityOperation {
}
}
- public boolean canScan(TCredentials credentials, String table) throws ThriftSecurityException {
+ public boolean canScan(TCredentials credentials, String tableId, String namespaceId) throws ThriftSecurityException {
authenticate(credentials);
- return hasTablePermission(credentials, table, TablePermission.READ, true);
+ return hasTablePermission(credentials, tableId, namespaceId, TablePermission.READ, true);
}
- public boolean canScan(TCredentials credentials, String table, TRange range, List<TColumn> columns, List<IterInfo> ssiList,
+ public boolean canScan(TCredentials credentials, String tableId, String namespaceId, TRange range, List<TColumn> columns, List<IterInfo> ssiList,
Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException {
- return canScan(credentials, table);
+ return canScan(credentials, tableId, namespaceId);
}
- public boolean canScan(TCredentials credentials, String table, Map<TKeyExtent,List<TRange>> tbatch, List<TColumn> tcolumns, List<IterInfo> ssiList,
+ public boolean canScan(TCredentials credentials, String table, String namespaceId, Map<TKeyExtent,List<TRange>> tbatch, List<TColumn> tcolumns, List<IterInfo> ssiList,
Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations) throws ThriftSecurityException {
- return canScan(credentials, table);
+ return canScan(credentials, table, namespaceId);
}
- public boolean canWrite(TCredentials credentials, String table) throws ThriftSecurityException {
+ public boolean canWrite(TCredentials credentials, String tableId, String namespaceId) throws ThriftSecurityException {
authenticate(credentials);
- return hasTablePermission(credentials, table, TablePermission.WRITE, true);
+ return hasTablePermission(credentials, tableId, namespaceId, TablePermission.WRITE, true);
}
- public boolean canConditionallyUpdate(TCredentials credentials, String tableID, List<ByteBuffer> authorizations) throws ThriftSecurityException {
+ public boolean canConditionallyUpdate(TCredentials credentials, String tableID, String namespaceId, List<ByteBuffer> authorizations) throws ThriftSecurityException {
authenticate(credentials);
- return hasTablePermission(credentials, tableID, TablePermission.WRITE, true) && hasTablePermission(credentials, tableID, TablePermission.READ, true);
+ return hasTablePermission(credentials, tableID, namespaceId, TablePermission.WRITE, true) && hasTablePermission(credentials, tableID, namespaceId, TablePermission.READ, true);
}
- public boolean canSplitTablet(TCredentials credentials, String tableId) throws ThriftSecurityException {
+ public boolean canSplitTablet(TCredentials credentials, String tableId, String namespaceId) throws ThriftSecurityException {
authenticate(credentials);
- return hasSystemPermissionWithTableId(credentials, SystemPermission.ALTER_TABLE, tableId, false)
- || hasSystemPermissionWithTableId(credentials, SystemPermission.SYSTEM, tableId, false)
- || hasTablePermission(credentials, tableId, TablePermission.ALTER_TABLE, false);
+ return hasSystemPermissionWithNamespaceId(credentials, SystemPermission.ALTER_TABLE, namespaceId, false)
+ || hasSystemPermissionWithNamespaceId(credentials, SystemPermission.SYSTEM, namespaceId, false)
+ || hasTablePermission(credentials, tableId, namespaceId, TablePermission.ALTER_TABLE, false);
}
/**
@@ -423,15 +407,15 @@ public class SecurityOperation {
return hasSystemPermission(credentials, SystemPermission.SYSTEM, false);
}
- public boolean canFlush(TCredentials c, String tableId) throws ThriftSecurityException {
+ public boolean canFlush(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException {
authenticate(c);
- return hasTablePermission(c, tableId, TablePermission.WRITE, false) || hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false);
+ return hasTablePermission(c, tableId, namespaceId, TablePermission.WRITE, false) || hasTablePermission(c, tableId, namespaceId, TablePermission.ALTER_TABLE, false);
}
- public boolean canAlterTable(TCredentials c, String tableId) throws ThriftSecurityException {
+ public boolean canAlterTable(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException {
authenticate(c);
- return hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false)
- || hasSystemPermissionWithTableId(c, SystemPermission.ALTER_TABLE, tableId, false);
+ return hasTablePermission(c, tableId, namespaceId, TablePermission.ALTER_TABLE, false)
+ || hasSystemPermissionWithNamespaceId(c, SystemPermission.ALTER_TABLE, namespaceId, false);
}
public boolean canCreateTable(TCredentials c, String table, String namespaceId) throws ThriftSecurityException {
@@ -439,54 +423,54 @@ public class SecurityOperation {
return hasSystemPermissionWithNamespaceId(c, SystemPermission.CREATE_TABLE, namespaceId, false);
}
- public boolean canRenameTable(TCredentials c, String tableId, String oldTableName, String newTableName) throws ThriftSecurityException {
+ public boolean canRenameTable(TCredentials c, String tableId, String oldTableName, String newTableName, String namespaceId) throws ThriftSecurityException {
authenticate(c);
- return hasSystemPermissionWithTableId(c, SystemPermission.ALTER_TABLE, tableId, false)
- || hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false);
+ return hasSystemPermissionWithNamespaceId(c, SystemPermission.ALTER_TABLE, namespaceId, false)
+ || hasTablePermission(c, tableId, namespaceId, TablePermission.ALTER_TABLE, false);
}
- public boolean canCloneTable(TCredentials c, String tableId, String tableName) throws ThriftSecurityException {
+ public boolean canCloneTable(TCredentials c, String tableId, String tableName, String destinationNamespaceId, String srcNamespaceId) throws ThriftSecurityException {
authenticate(c);
- return hasSystemPermissionWithTableId(c, SystemPermission.CREATE_TABLE, tableId, false) && hasTablePermission(c, tableId, TablePermission.READ, false);
+ return hasSystemPermissionWithNamespaceId(c, SystemPermission.CREATE_TABLE, destinationNamespaceId, false) && hasTablePermission(c, tableId, srcNamespaceId, TablePermission.READ, false);
}
- public boolean canDeleteTable(TCredentials c, String tableId) throws ThriftSecurityException {
+ public boolean canDeleteTable(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException {
authenticate(c);
- return hasSystemPermissionWithTableId(c, SystemPermission.DROP_TABLE, tableId, false) || hasTablePermission(c, tableId, TablePermission.DROP_TABLE, false);
+ return hasSystemPermissionWithNamespaceId(c, SystemPermission.DROP_TABLE, namespaceId, false) || hasTablePermission(c, tableId, namespaceId, TablePermission.DROP_TABLE, false);
}
- public boolean canOnlineOfflineTable(TCredentials c, String tableId, FateOperation op) throws ThriftSecurityException {
+ public boolean canOnlineOfflineTable(TCredentials c, String tableId, FateOperation op, String namespaceId) throws ThriftSecurityException {
authenticate(c);
- return hasSystemPermissionWithTableId(c, SystemPermission.SYSTEM, tableId, false)
- || hasSystemPermissionWithTableId(c, SystemPermission.ALTER_TABLE, tableId, false)
- || hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false);
+ return hasSystemPermissionWithNamespaceId(c, SystemPermission.SYSTEM, namespaceId, false)
+ || hasSystemPermissionWithNamespaceId(c, SystemPermission.ALTER_TABLE, namespaceId, false)
+ || hasTablePermission(c, tableId, namespaceId, TablePermission.ALTER_TABLE, false);
}
- public boolean canMerge(TCredentials c, String tableId) throws ThriftSecurityException {
+ public boolean canMerge(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException {
authenticate(c);
- return hasSystemPermissionWithTableId(c, SystemPermission.SYSTEM, tableId, false)
- || hasSystemPermissionWithTableId(c, SystemPermission.ALTER_TABLE, tableId, false)
- || hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false);
+ return hasSystemPermissionWithNamespaceId(c, SystemPermission.SYSTEM, namespaceId, false)
+ || hasSystemPermissionWithNamespaceId(c, SystemPermission.ALTER_TABLE, namespaceId, false)
+ || hasTablePermission(c, tableId, namespaceId, TablePermission.ALTER_TABLE, false);
}
- public boolean canDeleteRange(TCredentials c, String tableId, String tableName, Text startRow, Text endRow) throws ThriftSecurityException {
+ public boolean canDeleteRange(TCredentials c, String tableId, String tableName, Text startRow, Text endRow, String namespaceId) throws ThriftSecurityException {
authenticate(c);
- return hasSystemPermissionWithTableId(c, SystemPermission.SYSTEM, tableId, false) || hasTablePermission(c, tableId, TablePermission.WRITE, false);
+ return hasSystemPermissionWithNamespaceId(c, SystemPermission.SYSTEM, namespaceId, false) || hasTablePermission(c, tableId, namespaceId, TablePermission.WRITE, false);
}
- public boolean canBulkImport(TCredentials c, String tableId, String tableName, String dir, String failDir) throws ThriftSecurityException {
- return canBulkImport(c, tableId);
+ public boolean canBulkImport(TCredentials c, String tableId, String tableName, String dir, String failDir, String namespaceId) throws ThriftSecurityException {
+ return canBulkImport(c, tableId, namespaceId);
}
- public boolean canBulkImport(TCredentials c, String tableId) throws ThriftSecurityException {
+ public boolean canBulkImport(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException {
authenticate(c);
- return hasTablePermission(c, tableId, TablePermission.BULK_IMPORT, false);
+ return hasTablePermission(c, tableId, namespaceId, TablePermission.BULK_IMPORT, false);
}
- public boolean canCompact(TCredentials c, String tableId) throws ThriftSecurityException {
+ public boolean canCompact(TCredentials c, String tableId, String namespaceId) throws ThriftSecurityException {
authenticate(c);
- return hasSystemPermissionWithTableId(c, SystemPermission.ALTER_TABLE, tableId, false)
- || hasTablePermission(c, tableId, TablePermission.ALTER_TABLE, false) || hasTablePermission(c, tableId, TablePermission.WRITE, false);
+ return hasSystemPermissionWithNamespaceId(c, SystemPermission.ALTER_TABLE, namespaceId, false)
+ || hasTablePermission(c, tableId, namespaceId, TablePermission.ALTER_TABLE, false) || hasTablePermission(c, tableId, namespaceId, TablePermission.WRITE, false);
}
public boolean canChangeAuthorizations(TCredentials c, String user) throws ThriftSecurityException {
@@ -519,9 +503,9 @@ public class SecurityOperation {
return hasSystemPermission(c, SystemPermission.GRANT, false);
}
- public boolean canGrantTable(TCredentials c, String user, String table) throws ThriftSecurityException {
+ public boolean canGrantTable(TCredentials c, String user, String tableId, String namespaceId) throws ThriftSecurityException {
authenticate(c);
- return hasSystemPermissionWithTableId(c, SystemPermission.ALTER_TABLE, table, false) || hasTablePermission(c, table, TablePermission.GRANT, false);
+ return hasSystemPermissionWithNamespaceId(c, SystemPermission.ALTER_TABLE, namespaceId, false) || hasTablePermission(c, tableId, namespaceId, TablePermission.GRANT, false);
}
public boolean canGrantNamespace(TCredentials c, String user, String namespace) throws ThriftSecurityException {
@@ -551,9 +535,9 @@ public class SecurityOperation {
return hasSystemPermission(c, SystemPermission.GRANT, false);
}
- public boolean canRevokeTable(TCredentials c, String user, String table) throws ThriftSecurityException {
+ public boolean canRevokeTable(TCredentials c, String user, String tableId, String namespaceId) throws ThriftSecurityException {
authenticate(c);
- return hasSystemPermissionWithTableId(c, SystemPermission.ALTER_TABLE, table, false) || hasTablePermission(c, table, TablePermission.GRANT, false);
+ return hasSystemPermissionWithNamespaceId(c, SystemPermission.ALTER_TABLE, namespaceId, false) || hasTablePermission(c, tableId, namespaceId, TablePermission.GRANT, false);
}
public boolean canRevokeNamespace(TCredentials c, String user, String namespace) throws ThriftSecurityException {
@@ -629,8 +613,8 @@ public class SecurityOperation {
}
}
- public void grantTablePermission(TCredentials c, String user, String tableId, TablePermission permission) throws ThriftSecurityException {
- if (!canGrantTable(c, user, tableId))
+ public void grantTablePermission(TCredentials c, String user, String tableId, TablePermission permission, String namespaceId) throws ThriftSecurityException {
+ if (!canGrantTable(c, user, tableId, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
targetUserExists(user);
@@ -677,8 +661,8 @@ public class SecurityOperation {
}
}
- public void revokeTablePermission(TCredentials c, String user, String tableId, TablePermission permission) throws ThriftSecurityException {
- if (!canRevokeTable(c, user, tableId))
+ public void revokeTablePermission(TCredentials c, String user, String tableId, TablePermission permission, String namespaceId) throws ThriftSecurityException {
+ if (!canRevokeTable(c, user, tableId, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
targetUserExists(user);
@@ -740,8 +724,8 @@ public class SecurityOperation {
}
}
- public void deleteTable(TCredentials credentials, String tableId) throws ThriftSecurityException {
- if (!canDeleteTable(credentials, tableId))
+ public void deleteTable(TCredentials credentials, String tableId, String namespaceId) throws ThriftSecurityException {
+ if (!canDeleteTable(credentials, tableId, namespaceId))
throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
try {
permHandle.cleanTablePermissions(tableId);
@@ -766,14 +750,14 @@ public class SecurityOperation {
}
}
- public boolean canExport(TCredentials credentials, String tableId, String tableName, String exportDir) throws ThriftSecurityException {
+ public boolean canExport(TCredentials credentials, String tableId, String tableName, String exportDir, String namespaceId) throws ThriftSecurityException {
authenticate(credentials);
- return hasTablePermission(credentials, tableId, TablePermission.READ, false);
+ return hasTablePermission(credentials, tableId, namespaceId, TablePermission.READ, false);
}
- public boolean canImport(TCredentials credentials, String tableName, String importDir) throws ThriftSecurityException {
+ public boolean canImport(TCredentials credentials, String tableName, String importDir, String namespaceId) throws ThriftSecurityException {
authenticate(credentials);
- return hasSystemPermissionWithNamespaceId(credentials, SystemPermission.CREATE_TABLE, Tables.qualify(tableName).getFirst(), false);
+ return hasSystemPermissionWithNamespaceId(credentials, SystemPermission.CREATE_TABLE, namespaceId, false);
}
public boolean canAlterNamespace(TCredentials credentials, String namespaceId) throws ThriftSecurityException {
@@ -782,11 +766,10 @@ public class SecurityOperation {
}
public boolean canCreateNamespace(TCredentials credentials, String namespace) throws ThriftSecurityException {
- authenticate(credentials);
return canCreateNamespace(credentials);
}
- public boolean canCreateNamespace(TCredentials credentials) throws ThriftSecurityException {
+ private boolean canCreateNamespace(TCredentials credentials) throws ThriftSecurityException {
authenticate(credentials);
return hasSystemPermission(credentials, SystemPermission.CREATE_NAMESPACE, false);
}
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/master/src/main/java/org/apache/accumulo/master/FateServiceHandler.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/FateServiceHandler.java b/server/master/src/main/java/org/apache/accumulo/master/FateServiceHandler.java
index 21a35de..6f2c39a 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/FateServiceHandler.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/FateServiceHandler.java
@@ -58,7 +58,6 @@ import org.apache.accumulo.master.tableOps.RenameTable;
import org.apache.accumulo.master.tableOps.TableRangeOp;
import org.apache.accumulo.master.tableOps.TraceRepo;
import org.apache.accumulo.server.client.ClientServiceHandler;
-import org.apache.accumulo.server.client.HdfsZooInstance;
import org.apache.accumulo.server.master.state.MergeInfo;
import org.apache.accumulo.server.util.TablePropUtil;
import org.apache.accumulo.trace.thrift.TInfo;
@@ -130,7 +129,7 @@ class FateServiceHandler implements FateService.Iface {
String namespaceId;
try {
- namespaceId = Namespaces.getNamespaceId(HdfsZooInstance.getInstance(), Tables.qualify(tableName).getFirst());
+ namespaceId = Namespaces.getNamespaceId(master.getInstance(), Tables.qualify(tableName).getFirst());
} catch (NamespaceNotFoundException e) {
throw new ThriftTableOperationException(null, tableName, tableOp, TableOperationExceptionType.NAMESPACE_NOTFOUND, "");
}
@@ -162,8 +161,9 @@ class FateServiceHandler implements FateService.Iface {
});
String tableId = ClientServiceHandler.checkTableId(master.getInstance(), oldTableName, tableOp);
+ String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
- if (!master.security.canRenameTable(c, tableId, oldTableName, newTableName))
+ if (!master.security.canRenameTable(c, tableId, oldTableName, newTableName, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
try {
@@ -178,8 +178,15 @@ class FateServiceHandler implements FateService.Iface {
TableOperation tableOp = TableOperation.CLONE;
String srcTableId = validateTableIdArgument(arguments.get(0), tableOp, Tables.NOT_ROOT_ID);
String tableName = validateTableNameArgument(arguments.get(1), tableOp, Tables.NOT_SYSTEM);
-
- if (!master.security.canCloneTable(c, srcTableId, tableName))
+ String namespaceId;
+ try {
+ namespaceId = Namespaces.getNamespaceId(master.getInstance(), Tables.qualify(tableName).getFirst());
+ } catch (NamespaceNotFoundException e) {
+ // shouldn't happen, but possible once cloning between namespaces is supported
+ throw new ThriftTableOperationException(null, tableName, tableOp, TableOperationExceptionType.NAMESPACE_NOTFOUND, "");
+ }
+
+ if (!master.security.canCloneTable(c, srcTableId, tableName, namespaceId, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
Map<String,String> propertiesToSet = new HashMap<String,String>();
@@ -209,7 +216,9 @@ class FateServiceHandler implements FateService.Iface {
String tableName = validateTableNameArgument(arguments.get(0), tableOp, Tables.NOT_SYSTEM);
final String tableId = ClientServiceHandler.checkTableId(master.getInstance(), tableName, tableOp);
- if (!master.security.canDeleteTable(c, tableId))
+ String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
+
+ if (!master.security.canDeleteTable(c, tableId, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
master.fate.seedTransaction(opid, new TraceRepo<Master>(new DeleteTable(tableId)), autoCleanup);
break;
@@ -217,8 +226,9 @@ class FateServiceHandler implements FateService.Iface {
case TABLE_ONLINE: {
TableOperation tableOp = TableOperation.ONLINE;
final String tableId = validateTableIdArgument(arguments.get(0), tableOp, Tables.NOT_ROOT_ID);
+ String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
- if (!master.security.canOnlineOfflineTable(c, tableId, op))
+ if (!master.security.canOnlineOfflineTable(c, tableId, op, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
master.fate.seedTransaction(opid, new TraceRepo<Master>(new ChangeTableState(tableId, tableOp)), autoCleanup);
@@ -227,8 +237,9 @@ class FateServiceHandler implements FateService.Iface {
case TABLE_OFFLINE: {
TableOperation tableOp = TableOperation.OFFLINE;
final String tableId = validateTableIdArgument(arguments.get(0), tableOp, Tables.NOT_ROOT_ID);
+ String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
- if (!master.security.canOnlineOfflineTable(c, tableId, op))
+ if (!master.security.canOnlineOfflineTable(c, tableId, op, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
master.fate.seedTransaction(opid, new TraceRepo<Master>(new ChangeTableState(tableId, tableOp)), autoCleanup);
@@ -241,7 +252,9 @@ class FateServiceHandler implements FateService.Iface {
Text endRow = ByteBufferUtil.toText(arguments.get(2));
final String tableId = ClientServiceHandler.checkTableId(master.getInstance(), tableName, tableOp);
- if (!master.security.canMerge(c, tableId))
+ String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
+
+ if (!master.security.canMerge(c, tableId, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
Master.log.debug("Creating merge op: " + tableId + " " + startRow + " " + endRow);
@@ -255,7 +268,9 @@ class FateServiceHandler implements FateService.Iface {
Text endRow = ByteBufferUtil.toText(arguments.get(2));
final String tableId = ClientServiceHandler.checkTableId(master.getInstance(), tableName, tableOp);
- if (!master.security.canDeleteRange(c, tableId, tableName, startRow, endRow))
+ String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
+
+ if (!master.security.canDeleteRange(c, tableId, tableName, startRow, endRow, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
master.fate.seedTransaction(opid, new TraceRepo<Master>(new TableRangeOp(MergeInfo.Operation.DELETE, tableId, startRow, endRow)), autoCleanup);
@@ -269,7 +284,9 @@ class FateServiceHandler implements FateService.Iface {
boolean setTime = Boolean.parseBoolean(ByteBufferUtil.toString(arguments.get(3)));
final String tableId = ClientServiceHandler.checkTableId(master.getInstance(), tableName, tableOp);
- if (!master.security.canBulkImport(c, tableId, tableName, dir, failDir))
+ String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
+
+ if (!master.security.canBulkImport(c, tableId, tableName, dir, failDir, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
master.fate.seedTransaction(opid, new TraceRepo<Master>(new BulkImport(tableId, dir, failDir, setTime)), autoCleanup);
@@ -281,8 +298,9 @@ class FateServiceHandler implements FateService.Iface {
byte[] startRow = ByteBufferUtil.toBytes(arguments.get(1));
byte[] endRow = ByteBufferUtil.toBytes(arguments.get(2));
List<IteratorSetting> iterators = IteratorUtil.decodeIteratorSettings(ByteBufferUtil.toBytes(arguments.get(3)));
+ String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
- if (!master.security.canCompact(c, tableId))
+ if (!master.security.canCompact(c, tableId, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
master.fate.seedTransaction(opid, new TraceRepo<Master>(new CompactRange(tableId, startRow, endRow, iterators)), autoCleanup);
@@ -291,8 +309,9 @@ class FateServiceHandler implements FateService.Iface {
case TABLE_CANCEL_COMPACT: {
TableOperation tableOp = TableOperation.COMPACT_CANCEL;
String tableId = validateTableIdArgument(arguments.get(0), tableOp, null);
+ String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
- if (!master.security.canCompact(c, tableId))
+ if (!master.security.canCompact(c, tableId, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
master.fate.seedTransaction(opid, new TraceRepo<Master>(new CancelCompactions(tableId)), autoCleanup);
@@ -302,15 +321,17 @@ class FateServiceHandler implements FateService.Iface {
TableOperation tableOp = TableOperation.IMPORT;
String tableName = validateTableNameArgument(arguments.get(0), tableOp, Tables.NOT_SYSTEM);
String exportDir = ByteBufferUtil.toString(arguments.get(1));
-
- if (!master.security.canImport(c, tableName, exportDir))
- throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
-
+ String namespaceId;
try {
- master.fate.seedTransaction(opid, new TraceRepo<Master>(new ImportTable(c.getPrincipal(), tableName, exportDir)), autoCleanup);
+ namespaceId = Namespaces.getNamespaceId(master.getInstance(), Tables.qualify(tableName).getFirst());
} catch (NamespaceNotFoundException e) {
throw new ThriftTableOperationException(null, tableName, tableOp, TableOperationExceptionType.NAMESPACE_NOTFOUND, "");
}
+
+ if (!master.security.canImport(c, tableName, exportDir, namespaceId))
+ throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
+
+ master.fate.seedTransaction(opid, new TraceRepo<Master>(new ImportTable(c.getPrincipal(), tableName, exportDir, namespaceId)), autoCleanup);
break;
}
case TABLE_EXPORT: {
@@ -319,7 +340,9 @@ class FateServiceHandler implements FateService.Iface {
String exportDir = ByteBufferUtil.toString(arguments.get(1));
String tableId = ClientServiceHandler.checkTableId(master.getInstance(), tableName, tableOp);
- if (!master.security.canExport(c, tableId, tableName, exportDir))
+ String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
+
+ if (!master.security.canExport(c, tableId, tableName, exportDir, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
master.fate.seedTransaction(opid, new TraceRepo<Master>(new ExportTable(tableName, tableId, exportDir)), autoCleanup);
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/master/src/main/java/org/apache/accumulo/master/Master.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/Master.java b/server/master/src/main/java/org/apache/accumulo/master/Master.java
index 86a35cd..60881a5 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/Master.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/Master.java
@@ -289,7 +289,7 @@ public class Master implements LiveTServerSet.Listener, TableObserver, CurrentSt
NodeExistsPolicy.SKIP);
Initialize.initMetadataConfig(RootTable.ID);
// ensure root user can flush root table
- security.grantTablePermission(SystemCredentials.get().toThrift(instance), security.getRootUsername(), RootTable.ID, TablePermission.ALTER_TABLE);
+ security.grantTablePermission(SystemCredentials.get().toThrift(instance), security.getRootUsername(), RootTable.ID, TablePermission.ALTER_TABLE, Namespaces.ACCUMULO_NAMESPACE_ID);
// put existing tables in the correct namespaces
String tables = ZooUtil.getRoot(instance) + Constants.ZTABLES;
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/master/src/main/java/org/apache/accumulo/master/MasterClientServiceHandler.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/MasterClientServiceHandler.java b/server/master/src/main/java/org/apache/accumulo/master/MasterClientServiceHandler.java
index 3a39f5c..e9914ab 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/MasterClientServiceHandler.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/MasterClientServiceHandler.java
@@ -28,6 +28,7 @@ import org.apache.accumulo.core.Constants;
import org.apache.accumulo.core.client.AccumuloException;
import org.apache.accumulo.core.client.AccumuloSecurityException;
import org.apache.accumulo.core.client.Connector;
+import org.apache.accumulo.core.client.Instance;
import org.apache.accumulo.core.client.IsolatedScanner;
import org.apache.accumulo.core.client.RowIterator;
import org.apache.accumulo.core.client.Scanner;
@@ -90,14 +91,17 @@ import org.apache.zookeeper.KeeperException.NoNodeException;
class MasterClientServiceHandler extends FateServiceHandler implements MasterClientService.Iface {
private static final Logger log = Master.log;
+ private Instance instance;
MasterClientServiceHandler(Master master) {
super(master);
+ this.instance = master.getInstance();
}
@Override
public long initiateFlush(TInfo tinfo, TCredentials c, String tableId) throws ThriftSecurityException, ThriftTableOperationException {
- master.security.canFlush(c, tableId);
+ String namespaceId = Tables.getNamespace(instance, tableId);
+ master.security.canFlush(c, tableId, namespaceId);
String zTablePath = Constants.ZROOT + "/" + master.getConfiguration().getInstance().getInstanceID() + Constants.ZTABLES + "/" + tableId
+ Constants.ZTABLE_FLUSH_ID;
@@ -125,7 +129,8 @@ class MasterClientServiceHandler extends FateServiceHandler implements MasterCli
@Override
public void waitForFlush(TInfo tinfo, TCredentials c, String tableId, ByteBuffer startRow, ByteBuffer endRow, long flushID, long maxLoops)
throws ThriftSecurityException, ThriftTableOperationException {
- master.security.canFlush(c, tableId);
+ String namespaceId = Tables.getNamespace(instance, tableId);
+ master.security.canFlush(c, tableId, namespaceId);
if (endRow != null && startRow != null && ByteBufferUtil.toText(startRow).compareTo(ByteBufferUtil.toText(endRow)) >= 0)
throw new ThriftTableOperationException(tableId, null, TableOperation.FLUSH, TableOperationExceptionType.BAD_RANGE, "start row must be less than end row");
@@ -430,7 +435,8 @@ class MasterClientServiceHandler extends FateServiceHandler implements MasterCli
private void alterTableProperty(TCredentials c, String tableName, String property, String value, TableOperation op) throws ThriftSecurityException,
ThriftTableOperationException {
final String tableId = ClientServiceHandler.checkTableId(master.getInstance(), tableName, op);
- if (!master.security.canAlterTable(c, tableId))
+ String namespaceId = Tables.getNamespace(master.getInstance(), tableId);
+ if (!master.security.canAlterTable(c, tableId, namespaceId))
throw new ThriftSecurityException(c.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
try {
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/master/src/main/java/org/apache/accumulo/master/tableOps/CloneTable.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/tableOps/CloneTable.java b/server/master/src/main/java/org/apache/accumulo/master/tableOps/CloneTable.java
index cba1492..bfaab82 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/tableOps/CloneTable.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/tableOps/CloneTable.java
@@ -202,7 +202,7 @@ class ClonePermissions extends MasterRepo {
for (TablePermission permission : TablePermission.values()) {
try {
AuditedSecurityOperation.getInstance().grantTablePermission(SystemCredentials.get().toThrift(environment.getInstance()), cloneInfo.user,
- cloneInfo.tableId, permission);
+ cloneInfo.tableId, permission, cloneInfo.namespaceId);
} catch (ThriftSecurityException e) {
Logger.getLogger(FinishCloneTable.class).error(e.getMessage(), e);
throw e;
@@ -222,7 +222,7 @@ class ClonePermissions extends MasterRepo {
@Override
public void undo(long tid, Master environment) throws Exception {
- AuditedSecurityOperation.getInstance().deleteTable(SystemCredentials.get().toThrift(environment.getInstance()), cloneInfo.tableId);
+ AuditedSecurityOperation.getInstance().deleteTable(SystemCredentials.get().toThrift(environment.getInstance()), cloneInfo.tableId, cloneInfo.namespaceId);
}
}
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/master/src/main/java/org/apache/accumulo/master/tableOps/CreateTable.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/tableOps/CreateTable.java b/server/master/src/main/java/org/apache/accumulo/master/tableOps/CreateTable.java
index 33ee878..5b64053 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/tableOps/CreateTable.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/tableOps/CreateTable.java
@@ -251,7 +251,7 @@ class SetupPermissions extends MasterRepo {
SecurityOperation security = AuditedSecurityOperation.getInstance();
for (TablePermission permission : TablePermission.values()) {
try {
- security.grantTablePermission(SystemCredentials.get().toThrift(env.getInstance()), tableInfo.user, tableInfo.tableId, permission);
+ security.grantTablePermission(SystemCredentials.get().toThrift(env.getInstance()), tableInfo.user, tableInfo.tableId, permission, tableInfo.namespaceId);
} catch (ThriftSecurityException e) {
Logger.getLogger(FinishCreateTable.class).error(e.getMessage(), e);
throw e;
@@ -266,7 +266,7 @@ class SetupPermissions extends MasterRepo {
@Override
public void undo(long tid, Master env) throws Exception {
- AuditedSecurityOperation.getInstance().deleteTable(SystemCredentials.get().toThrift(env.getInstance()), tableInfo.tableId);
+ AuditedSecurityOperation.getInstance().deleteTable(SystemCredentials.get().toThrift(env.getInstance()), tableInfo.tableId, tableInfo.namespaceId);
}
}
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/master/src/main/java/org/apache/accumulo/master/tableOps/DeleteTable.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/tableOps/DeleteTable.java b/server/master/src/main/java/org/apache/accumulo/master/tableOps/DeleteTable.java
index 166ec89..64c1d99 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/tableOps/DeleteTable.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/tableOps/DeleteTable.java
@@ -204,7 +204,7 @@ class CleanUp extends MasterRepo {
// remove any permissions associated with this table
try {
- AuditedSecurityOperation.getInstance().deleteTable(SystemCredentials.get().toThrift(master.getInstance()), tableId);
+ AuditedSecurityOperation.getInstance().deleteTable(SystemCredentials.get().toThrift(master.getInstance()), tableId, namespaceId);
} catch (ThriftSecurityException e) {
log.error(e.getMessage(), e);
}
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/master/src/main/java/org/apache/accumulo/master/tableOps/ImportTable.java
----------------------------------------------------------------------
diff --git a/server/master/src/main/java/org/apache/accumulo/master/tableOps/ImportTable.java b/server/master/src/main/java/org/apache/accumulo/master/tableOps/ImportTable.java
index 9f35628..ddf1598 100644
--- a/server/master/src/main/java/org/apache/accumulo/master/tableOps/ImportTable.java
+++ b/server/master/src/main/java/org/apache/accumulo/master/tableOps/ImportTable.java
@@ -34,7 +34,6 @@ import org.apache.accumulo.core.Constants;
import org.apache.accumulo.core.client.BatchWriter;
import org.apache.accumulo.core.client.BatchWriterConfig;
import org.apache.accumulo.core.client.Instance;
-import org.apache.accumulo.core.client.NamespaceNotFoundException;
import org.apache.accumulo.core.client.admin.TableOperationsImpl;
import org.apache.accumulo.core.client.impl.Namespaces;
import org.apache.accumulo.core.client.impl.Tables;
@@ -495,7 +494,7 @@ class ImportSetupPermissions extends MasterRepo {
SecurityOperation security = AuditedSecurityOperation.getInstance();
for (TablePermission permission : TablePermission.values()) {
try {
- security.grantTablePermission(SystemCredentials.get().toThrift(env.getInstance()), tableInfo.user, tableInfo.tableId, permission);
+ security.grantTablePermission(SystemCredentials.get().toThrift(env.getInstance()), tableInfo.user, tableInfo.tableId, permission, tableInfo.namespaceId);
} catch (ThriftSecurityException e) {
Logger.getLogger(ImportSetupPermissions.class).error(e.getMessage(), e);
throw e;
@@ -510,7 +509,7 @@ class ImportSetupPermissions extends MasterRepo {
@Override
public void undo(long tid, Master env) throws Exception {
- AuditedSecurityOperation.getInstance().deleteTable(SystemCredentials.get().toThrift(env.getInstance()), tableInfo.tableId);
+ AuditedSecurityOperation.getInstance().deleteTable(SystemCredentials.get().toThrift(env.getInstance()), tableInfo.tableId, tableInfo.namespaceId);
}
}
@@ -519,13 +518,12 @@ public class ImportTable extends MasterRepo {
private ImportedTableInfo tableInfo;
- public ImportTable(String user, String tableName, String exportDir) throws NamespaceNotFoundException {
+ public ImportTable(String user, String tableName, String exportDir, String namespaceId) {
tableInfo = new ImportedTableInfo();
tableInfo.tableName = tableName;
tableInfo.user = user;
tableInfo.exportDir = exportDir;
- Instance inst = HdfsZooInstance.getInstance();
- tableInfo.namespaceId = Namespaces.getNamespaceId(inst, Tables.qualify(tableName).getFirst());
+ tableInfo.namespaceId = namespaceId;
}
@Override
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java
----------------------------------------------------------------------
diff --git a/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java b/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java
index 7fdc9b2..b5a8b2a 100644
--- a/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java
+++ b/server/tserver/src/main/java/org/apache/accumulo/tserver/TabletServer.java
@@ -67,6 +67,7 @@ import org.apache.accumulo.core.client.Instance;
import org.apache.accumulo.core.client.impl.CompressedIterators;
import org.apache.accumulo.core.client.impl.CompressedIterators.IterConfig;
import org.apache.accumulo.core.client.impl.ScannerImpl;
+import org.apache.accumulo.core.client.impl.Tables;
import org.apache.accumulo.core.client.impl.TabletType;
import org.apache.accumulo.core.client.impl.Translator;
import org.apache.accumulo.core.client.impl.Translator.TKeyExtentTranslator;
@@ -1181,7 +1182,8 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu
List<IterInfo> ssiList, Map<String,Map<String,String>> ssio, List<ByteBuffer> authorizations, boolean waitForWrites, boolean isolated,
long readaheadThreshold) throws NotServingTabletException, ThriftSecurityException, org.apache.accumulo.core.tabletserver.thrift.TooManyFilesException {
- if (!security.canScan(credentials, new String(textent.getTable()), range, columns, ssiList, ssio, authorizations))
+ String tableId = new String(textent.getTable());
+ if (!security.canScan(credentials, tableId, Tables.getNamespace(instance, tableId), range, columns, ssiList, ssio, authorizations))
throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
if (!security.userHasAuthorizations(credentials, authorizations))
@@ -1338,8 +1340,8 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu
throw new IllegalArgumentException("Cannot batch scan over multiple tables");
// check if user has permission to the tables
- for (String table : tables)
- if (!security.canScan(credentials, table, tbatch, tcolumns, ssiList, ssio, authorizations))
+ for (String tableId : tables)
+ if (!security.canScan(credentials, tableId, Tables.getNamespace(instance, tableId), tbatch, tcolumns, ssiList, ssio, authorizations))
throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
try {
@@ -1475,7 +1477,8 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu
// if user has no permission to write to this table, add it to
// the failures list
boolean sameTable = us.currentTablet != null && (us.currentTablet.getExtent().getTableId().equals(keyExtent.getTableId()));
- if (sameTable || security.canWrite(us.credentials, keyExtent.getTableId().toString())) {
+ String tableId = keyExtent.getTableId().toString();
+ if (sameTable || security.canWrite(us.credentials, tableId, Tables.getNamespace(instance, tableId))) {
long t2 = System.currentTimeMillis();
us.authTimes.addStat(t2 - t1);
us.currentTablet = onlineTablets.get(keyExtent);
@@ -1739,7 +1742,8 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu
public void update(TInfo tinfo, TCredentials credentials, TKeyExtent tkeyExtent, TMutation tmutation) throws NotServingTabletException,
ConstraintViolationException, ThriftSecurityException {
- if (!security.canWrite(credentials, new String(tkeyExtent.getTable())))
+ String tableId = new String(tkeyExtent.getTable());
+ if (!security.canWrite(credentials, tableId, Tables.getNamespace(instance, tableId)))
throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
KeyExtent keyExtent = new KeyExtent(tkeyExtent);
Tablet tablet = onlineTablets.get(new KeyExtent(keyExtent));
@@ -1997,11 +2001,11 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu
}
@Override
- public TConditionalSession startConditionalUpdate(TInfo tinfo, TCredentials credentials, List<ByteBuffer> authorizations, String tableID)
+ public TConditionalSession startConditionalUpdate(TInfo tinfo, TCredentials credentials, List<ByteBuffer> authorizations, String tableId)
throws ThriftSecurityException, TException {
Authorizations userauths = null;
- if (!security.canConditionallyUpdate(credentials, tableID, authorizations))
+ if (!security.canConditionallyUpdate(credentials, tableId, Tables.getNamespace(instance, tableId), authorizations))
throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
userauths = security.getUserAuthorizations(credentials);
@@ -2012,7 +2016,7 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu
ConditionalSession cs = new ConditionalSession();
cs.auths = new Authorizations(authorizations);
cs.credentials = credentials;
- cs.tableId = tableID;
+ cs.tableId = tableId;
cs.interruptFlag = new AtomicBoolean();
long sid = sessionManager.createSession(cs, false);
@@ -2083,7 +2087,9 @@ public class TabletServer extends AbstractMetricsImpl implements org.apache.accu
ThriftSecurityException {
String tableId = new String(ByteBufferUtil.toBytes(tkeyExtent.table));
- if (!security.canSplitTablet(credentials, tableId))
+ String namespaceId = Tables.getNamespace(instance, tableId);
+
+ if (!security.canSplitTablet(credentials, tableId, namespaceId))
throw new ThriftSecurityException(credentials.getPrincipal(), SecurityErrorCode.PERMISSION_DENIED);
KeyExtent keyExtent = new KeyExtent(tkeyExtent);
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTable.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTable.java b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTable.java
index b2c4c87..a879361 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTable.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTable.java
@@ -35,9 +35,10 @@ public class AlterTable extends Test {
Connector conn = state.getInstance().getConnector(WalkingSecurity.get(state).getSysUserName(), WalkingSecurity.get(state).getSysToken());
String tableName = WalkingSecurity.get(state).getTableName();
+ String namespaceName = WalkingSecurity.get(state).getNamespaceName();
boolean exists = WalkingSecurity.get(state).getTableExists();
- boolean hasPermission = WalkingSecurity.get(state).canAlterTable(WalkingSecurity.get(state).getSysCredentials(), tableName);
+ boolean hasPermission = WalkingSecurity.get(state).canAlterTable(WalkingSecurity.get(state).getSysCredentials(), tableName, namespaceName);
String newTableName = String.format("security_%s_%s_%d", InetAddress.getLocalHost().getHostName().replaceAll("[-.]", "_"), state.getPid(),
System.currentTimeMillis());
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTablePerm.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTablePerm.java b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTablePerm.java
index bad7b28..335ae31 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTablePerm.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/AlterTablePerm.java
@@ -76,7 +76,7 @@ public class AlterTablePerm extends Test {
Connector conn = state.getInstance().getConnector(sourceUser, sourceToken);
canGive = WalkingSecurity.get(state).canGrantTable(new Credentials(sourceUser, sourceToken).toThrift(state.getInstance()), target,
- WalkingSecurity.get(state).getTableName());
+ WalkingSecurity.get(state).getTableName(), WalkingSecurity.get(state).getNamespaceName());
// toggle
if (!"take".equals(action) && !"give".equals(action)) {
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/DropTable.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/DropTable.java b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/DropTable.java
index 52b6e25..cfcc270 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/DropTable.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/DropTable.java
@@ -50,9 +50,10 @@ public class DropTable extends Test {
Connector conn = state.getInstance().getConnector(principal, token);
String tableName = WalkingSecurity.get(state).getTableName();
+ String namespaceName = WalkingSecurity.get(state).getNamespaceName();
boolean exists = WalkingSecurity.get(state).getTableExists();
- boolean hasPermission = WalkingSecurity.get(state).canDeleteTable(new Credentials(principal, token).toThrift(state.getInstance()), tableName);
+ boolean hasPermission = WalkingSecurity.get(state).canDeleteTable(new Credentials(principal, token).toThrift(state.getInstance()), tableName, namespaceName);
try {
conn.tableOperations().delete(tableName);
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/SecurityFixture.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/SecurityFixture.java b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/SecurityFixture.java
index 4016c12..8841355 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/SecurityFixture.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/SecurityFixture.java
@@ -31,7 +31,7 @@ public class SecurityFixture extends Fixture {
@Override
public void setUp(State state) throws Exception {
- String secTableName, systemUserName, tableUserName;
+ String secTableName, systemUserName, tableUserName, secNamespaceName;
Connector conn = state.getConnector();
String hostname = InetAddress.getLocalHost().getHostName().replaceAll("[-.]", "_");
@@ -39,6 +39,7 @@ public class SecurityFixture extends Fixture {
systemUserName = String.format("system_%s", hostname);
tableUserName = String.format("table_%s", hostname);
secTableName = String.format("security_%s", hostname);
+ secNamespaceName = String.format("securityNs_%s", hostname);
if (conn.tableOperations().exists(secTableName))
conn.tableOperations().delete(secTableName);
@@ -52,6 +53,7 @@ public class SecurityFixture extends Fixture {
conn.securityOperations().createLocalUser(systemUserName, sysUserPass);
WalkingSecurity.get(state).setTableName(secTableName);
+ WalkingSecurity.get(state).setNamespaceName(secNamespaceName);
state.set("rootUserPass", state.getCredentials().getToken());
WalkingSecurity.get(state).setSysUserName(systemUserName);
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
index a636355..5c23743 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/TableOp.java
@@ -66,10 +66,11 @@ public class TableOp extends Test {
boolean tableExists = WalkingSecurity.get(state).getTableExists();
String tableName = WalkingSecurity.get(state).getTableName();
+ String namespaceName = WalkingSecurity.get(state).getNamespaceName();
switch (tp) {
case READ: {
- boolean canRead = WalkingSecurity.get(state).canScan(WalkingSecurity.get(state).getTabCredentials(), tableName);
+ boolean canRead = WalkingSecurity.get(state).canScan(WalkingSecurity.get(state).getTabCredentials(), tableName, namespaceName);
Authorizations auths = WalkingSecurity.get(state).getUserAuthorizations(WalkingSecurity.get(state).getTabCredentials());
boolean ambiguousZone = WalkingSecurity.get(state).inAmbiguousZone(conn.whoami(), tp);
boolean ambiguousAuths = WalkingSecurity.get(state).ambiguousAuthorizations(conn.whoami());
@@ -140,7 +141,7 @@ public class TableOp extends Test {
break;
}
case WRITE:
- boolean canWrite = WalkingSecurity.get(state).canWrite(WalkingSecurity.get(state).getTabCredentials(), tableName);
+ boolean canWrite = WalkingSecurity.get(state).canWrite(WalkingSecurity.get(state).getTabCredentials(), tableName, namespaceName);
boolean ambiguousZone = WalkingSecurity.get(state).inAmbiguousZone(conn.whoami(), tp);
String key = WalkingSecurity.get(state).getLastKey() + "1";
@@ -214,7 +215,7 @@ public class TableOp extends Test {
return;
} catch (AccumuloSecurityException ae) {
if (ae.getSecurityErrorCode().equals(SecurityErrorCode.PERMISSION_DENIED)) {
- if (WalkingSecurity.get(state).canBulkImport(WalkingSecurity.get(state).getTabCredentials(), tableName))
+ if (WalkingSecurity.get(state).canBulkImport(WalkingSecurity.get(state).getTabCredentials(), tableName, namespaceName))
throw new AccumuloException("Bulk Import failed when it should have worked: " + tableName);
return;
} else if (ae.getSecurityErrorCode().equals(SecurityErrorCode.BAD_CREDENTIALS)) {
@@ -228,12 +229,12 @@ public class TableOp extends Test {
fs.delete(dir, true);
fs.delete(fail, true);
- if (!WalkingSecurity.get(state).canBulkImport(WalkingSecurity.get(state).getTabCredentials(), tableName))
+ if (!WalkingSecurity.get(state).canBulkImport(WalkingSecurity.get(state).getTabCredentials(), tableName, namespaceName))
throw new AccumuloException("Bulk Import succeeded when it should have failed: " + dir + " table " + tableName);
break;
case ALTER_TABLE:
AlterTable.renameTable(conn, state, tableName, tableName + "plus",
- WalkingSecurity.get(state).canAlterTable(WalkingSecurity.get(state).getTabCredentials(), tableName), tableExists);
+ WalkingSecurity.get(state).canAlterTable(WalkingSecurity.get(state).getTabCredentials(), tableName, namespaceName), tableExists);
break;
case GRANT:
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java
----------------------------------------------------------------------
diff --git a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java
index b3e693c..37bb364 100644
--- a/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java
+++ b/test/src/main/java/org/apache/accumulo/test/randomwalk/security/WalkingSecurity.java
@@ -56,6 +56,7 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor, Au
protected final static Logger log = Logger.getLogger(WalkingSecurity.class);
private static final String tableName = "SecurityTableName";
+ private static final String namespaceName = "SecurityNamespaceName";
private static final String userName = "UserName";
private static final String userPass = "UserPass";
@@ -335,6 +336,10 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor, Au
return state.getString(tableName);
}
+ public String getNamespaceName() {
+ return state.getString(namespaceName);
+ }
+
public boolean getTableExists() {
return Boolean.parseBoolean(state.getString(tableExists));
}
@@ -387,6 +392,10 @@ public class WalkingSecurity extends SecurityOperation implements Authorizor, Au
state.set(tableName, tName);
}
+ public void setNamespaceName(String nsName) {
+ state.set(namespaceName, nsName);
+ }
+
@Override
public void initTable(String table) throws AccumuloSecurityException {
state.set(tableExists, Boolean.toString(true));
http://git-wip-us.apache.org/repos/asf/accumulo/blob/90e1f22a/test/src/test/java/org/apache/accumulo/test/ConditionalWriterIT.java
----------------------------------------------------------------------
diff --git a/test/src/test/java/org/apache/accumulo/test/ConditionalWriterIT.java b/test/src/test/java/org/apache/accumulo/test/ConditionalWriterIT.java
index 70b639a..3f98c12 100644
--- a/test/src/test/java/org/apache/accumulo/test/ConditionalWriterIT.java
+++ b/test/src/test/java/org/apache/accumulo/test/ConditionalWriterIT.java
@@ -106,7 +106,7 @@ public class ConditionalWriterIT extends SimpleMacIT {
conn.tableOperations().create(tableName);
ConditionalWriter cw = conn.createConditionalWriter(tableName, new ConditionalWriterConfig());
-
+
// mutation conditional on column tx:seq not existing
ConditionalMutation cm0 = new ConditionalMutation("99006", new Condition("tx", "seq"));
cm0.put("name", "last", "doe");